Devise current_user vs user_session

I'd like to limit a user's scope, once authenticated, to a specific namespace. But they'll be dynamic (i.e. not a named route). Example:

/rails/redteam/
/rails/blueteam/
/rails/greenteam/

or perhaps simply:

/rails/
...or...
/

If we know their 'team', then couldn't that somehow be assumed in the routing?

How best to set this up and handle this securely? Should I store the team name in user_session? Or query the current_user for their group and verify it matches their known group(s) in a before_filter?

What about the routes themselves? Basically glorified IDs, perhaps a permalink of sorts? Dunno the "Rails way"?

Btw, I'm aware of authorization gems like CanCan and decl_auth but am trying to avoid their complexity, if possible, as I'm sorta a newb, if that wasn't obvious enough already.

> I'm aware of authorization gems like CanCan and decl_auth but trying to avoid their complexity, if possible

You're much better off taking the time to learn about one (or the other, or both) of these gems than to try rolling your own solution, IMO. Ultimately you'll run into complications as your requirements change, and without a good framework underlying your approach, problems are just bound to happen.
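Added example (not part of the original question or answer, and not code from Devise or CanCan): the before_filter option raised in the question, written as plain Ruby so it runs without Rails. User, TEAM_SLUG, team_from_path and authorize_team are hypothetical names, the users are constructed sample data, and answering 404 to non-members is a design choice of this sketch.

```ruby
# Stand-in for the record Devise's current_user would return; team_slugs
# models the memberships loaded from the database for that user.
User = Struct.new(:name, :team_slugs)

# Accept only a conservative slug shape from the URL segment.
TEAM_SLUG = /\A[a-z0-9][a-z0-9_-]{0,31}\z/

# Pull the team segment out of a path such as /rails/redteam/reports.
def team_from_path(path)
  segments = path.split("/").reject(&:empty?)
  return nil unless segments[0] == "rails"
  slug = segments[1]
  slug if slug && TEAM_SLUG.match?(slug)
end

# Decide the response status for one request. The membership list comes
# from the authenticated user record on every request, never from the URL
# alone and never from a team name cached in the session.
def authorize_team(current_user, path)
  return 401 if current_user.nil?        # not signed in
  slug = team_from_path(path)
  return 404 if slug.nil?                # missing or malformed team segment
  # Non-members get the same answer as "no such team", so team names do not leak.
  return 404 unless current_user.team_slugs.include?(slug)
  200
end

# Constructed sample requests.
alice = User.new("alice", ["redteam"])
["/rails/redteam/", "/rails/blueteam/", "/rails/../blueteam"].each do |path|
  puts "#{alice.name} #{path} -> #{authorize_team(alice, path)}"
end
puts "anonymous /rails/redteam/ -> #{authorize_team(nil, '/rails/redteam/')}"
```

In a Rails controller the same decision would sit in a before_action, with records then loaded only through the user's own team association rather than by a team id taken from the request.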
