Saturday, January 25, 2014
Hi,
-- I am really newbie in RoR, I am just reading this book. I am trying to make very simple application who should have 3 user roles (3 groups of many users). Each role should have different permission set (of course i have to implement some authentication mechanism first).
Administrators - Should have access to all data (create, edit, update, delete).
Editors - Should have access to all data which they created (create, edit, update, delete).
Viewers - Should have read access to all data anyone created.
I just scaffold-ed basic structure of application, did some changes, defined relations between models ... Scaffold views and controllers have all actions for all data (Show, edit, update, delete). My question is:
- Should I move somewhere to dedicated place (like /admin) these scaffold-ed files and "lock" them only for administrators? Create different set of controllers and views for Editors and different set of controllers and views Viewers? Is this even possible?
- Should I use existing scaffold-ed controllers and views and make application logic inside (filtering out displaying Edit link is not good idea, users always can "gues" the correct edit URL even I do not show button for edit)?
- Is there best practice for such common situation?
thanx a lot for your opinions
Pavel K.
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/ff89211b-116a-49e3-a871-7359b21bfb40%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment