And want to discuss a U.S. rails access control design problem.
If I have a user's model, by its implementation, deleted, changed, the list of functions. Ordinary circumstances, we will achieve similar Scaffold generated code. Default into a user list, and then the back of each user has edit, delete, etc. functions. At the same time the list above have add button.
If I want to add access control, such as some people only see the list. Some can see the list and use add function, and some people can see the list and use all the features. Three different permissions can see the list, but for a list of different operations. In order to achieve this kind of access control, can be different designs.
Typically, I will put all the functions of operations on a controller, so that only a view. But in show add, edit, delete button like the judge, and only have the appropriate permissions can see the talent of these buttons, and further in the corresponding action which also make the appropriate judgments. This can be achieved, but the general feeling is very messy. Structure is not good enough, although able to show that the logic of the hidden buttons on the helper or the feeling of chaos inside.
Another way is to put a different controller to operate on different inside, and the operation of different people permission to write different view. This opened almost completely independent. Independent controller, an independent view and so on. There would be no less complicated through the authority to determine whether to display the logic of a button. But not very DRY, and a similar list several times to write.
In this case, I do not know how everyone are designed? Thank you instruct.
If I have a user's model, by its implementation, deleted, changed, the list of functions. Ordinary circumstances, we will achieve similar Scaffold generated code. Default into a user list, and then the back of each user has edit, delete, etc. functions. At the same time the list above have add button.
If I want to add access control, such as some people only see the list. Some can see the list and use add function, and some people can see the list and use all the features. Three different permissions can see the list, but for a list of different operations. In order to achieve this kind of access control, can be different designs.
Typically, I will put all the functions of operations on a controller, so that only a view. But in show add, edit, delete button like the judge, and only have the appropriate permissions can see the talent of these buttons, and further in the corresponding action which also make the appropriate judgments. This can be achieved, but the general feeling is very messy. Structure is not good enough, although able to show that the logic of the hidden buttons on the helper or the feeling of chaos inside.
Another way is to put a different controller to operate on different inside, and the operation of different people permission to write different view. This opened almost completely independent. Independent controller, an independent view and so on. There would be no less complicated through the authority to determine whether to display the logic of a button. But not very DRY, and a similar list several times to write.
In this case, I do not know how everyone are designed? Thank you instruct.