2011/10/14, Sean Six <[email protected]>: > I personally use devise for authentication. With some simple code you > can roll your own authorization system. > > You can use in your user table: > t.boolean :admin, :default => false
Yeah, cool... t.boolean :forum_mod, :default => false t.boolean :blog_poster, :default => false t.boolean :may_see_hidden_forum_number1, :default => false t.boolean :and_so_on, :default => false This is what I not wanted to do... Additionally I think that the controller should not more about the user as what is absolutely necessary. As I understand the hole mechanisms, authorization should be part of the model, or at least of another subsystem... If it would be possible I would even let the the database handle the users and create a single databaseuser for every user of my page and handle his permissions to the tables by the database as approach for authorization AND authentication at the same time, but I cant do this because 1) I dont know how to do this in rails and 2) my hoster does not allow more than one dbuser for free... With this argumentation cancan + any authentication system is more what I want then your approach. But I prefer to have authentication and authorization in one single system. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
