Comments on: Recipe: RESTful permissions for Rails http://clearcove.ca/blog/2008/08/recipe-restful-permissions-for-rails/ Jo Hund's software engineering blog Thu, 01 Apr 2010 08:15:01 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Jeff K. Ward http://clearcove.ca/blog/2008/08/recipe-restful-permissions-for-rails/comment-page-1/#comment-47 Jeff K. Ward Wed, 22 Oct 2008 06:22:30 +0000 http://clearcove.ca/?p=117#comment-47 Great recipe. I've started a new project this week and am setting everything up as you've outlined here. Very clear and concise instructions and lots to chew on. I initially shrugged off using make_resourceful but now that I have all these "raise PermissionViolation" lines everywhere I can see how it will help keep it DRY. Works well together. Oh, and your gist link still has Person in the code instead of User. Thanks again for another amazing post. Keep 'em coming! Great recipe. I’ve started a new project this week and am setting everything up as you’ve outlined here. Very clear and concise instructions and lots to chew on.

I initially shrugged off using make_resourceful but now that I have all these “raise PermissionViolation” lines everywhere I can see how it will help keep it DRY. Works well together.

Oh, and your gist link still has Person in the code instead of User.

Thanks again for another amazing post. Keep ‘em coming!

]]> By: ActsAsFlinn http://clearcove.ca/blog/2008/08/recipe-restful-permissions-for-rails/comment-page-1/#comment-31 ActsAsFlinn Mon, 13 Oct 2008 13:26:07 +0000 http://clearcove.ca/?p=117#comment-31 @Jo Hund nice thanks! @Jo Hund nice thanks!

]]> By: Jo Hund http://clearcove.ca/blog/2008/08/recipe-restful-permissions-for-rails/comment-page-1/#comment-27 Jo Hund Fri, 10 Oct 2008 16:43:03 +0000 http://clearcove.ca/?p=117#comment-27 @ActsAsFlinn: Rails uses Thread.current to store the current Timezone. Check out the <a href="http://github.com/rails/rails/tree/master/activesupport/lib/active_support/core_ext/time/zones.rb" rel="nofollow">Rails source</a> for more info (lines 14 - getter and 37 - setter). @emerb: Not sure how you use method_missing. As a safeguard for permission checks you haven't implemented? You return false by default? I use method_missing as little as possible. Jay Fields has convinced me in one of his <a href="http://blog.jayfields.com/2008_02_01_archive.html" rel="nofollow">articles</a> @ActsAsFlinn: Rails uses Thread.current to store the current Timezone. Check out the Rails source for more info (lines 14 – getter and 37 – setter).

@emerb: Not sure how you use method_missing. As a safeguard for permission checks you haven’t implemented? You return false by default? I use method_missing as little as possible. Jay Fields has convinced me in one of his articles

]]> By: emerb http://clearcove.ca/blog/2008/08/recipe-restful-permissions-for-rails/comment-page-1/#comment-26 emerb Fri, 10 Oct 2008 15:33:31 +0000 http://clearcove.ca/?p=117#comment-26 I implemented something similar (more general though), in my implementation I use the method missing to return false when the method ends with '?', I think you could do that as well I implemented something similar (more general though), in my implementation I use the method missing to return false when the method ends with ‘?’, I think you could do that as well

]]> By: ActsAsFlinn http://clearcove.ca/blog/2008/08/recipe-restful-permissions-for-rails/comment-page-1/#comment-25 ActsAsFlinn Fri, 10 Oct 2008 15:08:43 +0000 http://clearcove.ca/?p=117#comment-25 In your intro you mentioned that Rails does something like this somewhere: <code>Thread.current[:user]</code> Can you point that out so I can better understand the context. In your intro you mentioned that Rails does something like this somewhere:

Thread.current[:user]

Can you point that out so I can better understand the context.

]]> By: jhund http://clearcove.ca/blog/2008/08/recipe-restful-permissions-for-rails/comment-page-1/#comment-21 jhund Mon, 29 Sep 2008 22:29:43 +0000 http://clearcove.ca/?p=117#comment-21 @Anthony: Yes, if you go with the standard naming for restful_authentication, then you have to use 'User' instead of 'Person'. I prefer to use Person (even with restful_authentication). It seems a bit more personal than 'user'. I am in the process of updating this recipe and will push it to <a href="http://github.com/jhund/rails-recipes/tree/master/restful-permissions" rel="nofollow">github</a> pretty soon. That's where I will maintain these recipes. Makes managing changes easier. Thanks for your interest. @Anthony: Yes, if you go with the standard naming for restful_authentication, then you have to use ‘User’ instead of ‘Person’.

I prefer to use Person (even with restful_authentication). It seems a bit more personal than ‘user’.

I am in the process of updating this recipe and will push it to github pretty soon. That’s where I will maintain these recipes. Makes managing changes easier.

Thanks for your interest.

]]> By: Anthony Underwood http://clearcove.ca/blog/2008/08/recipe-restful-permissions-for-rails/comment-page-1/#comment-20 Anthony Underwood Mon, 29 Sep 2008 22:09:20 +0000 http://clearcove.ca/?p=117#comment-20 I like the idea and it is already making my app DRYer. However using restful_authentication, should actor.is_a?(Person) not be actor.is_a?(User)? The latter worked for me whereas the former failed to ever give permission. I like the idea and it is already making my app DRYer. However using restful_authentication, should actor.is_a?(Person) not be actor.is_a?(User)?

The latter worked for me whereas the former failed to ever give permission.

]]>