Rails developers: What's your favorite library for defining and enforcing access control rules?
-
-
Probably skip the “LoggedInController”; all controllers are post-auth unless declared otherwise.
-
Yeah, you have to pick one of them (if you subclass AppController directly it blows up ;) ). I like being explicit about the choice, but could see an argument for “shop rule: they’re all logged in unless you subclass SpecialDangerousController”
- 3 more replies
New conversation -
-
-
Pro-tip that I’m stealing from
@tqbf — if you do it this way then you’re forced to declare your dangerous controllers as dangerous (“just grep for all the admin ones”) and can’t blow up the world by forgetting to add a filter on a new controller.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
FWIW, finer-grained access control policies (not necessarily list-based) are what cancancan and pundit are both about.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.