Topic: A Push in the Right Direction

I am in the planning phases for a project I will be working on this summer.  It will be an overhaul of my Open Source PHP application (http://www.project-alumni.org) in Rails ... with additional features, etc.  Anyhow, I seem to be having a hard time getting started with what perhaps shouldn't cause me issue.  I have created my user stories (http://docs.google.com/Doc?id=d9qsbqv_15gxfnrp) and designed my database schema; however, I'm stuck on roles/rights.  Should I have an admin/controller.rb section and should this section encompass all user types with any type of administrative privilege?  Should I have admin/controller.rb only for an admin and otherrole/controller.rb for my other roles?

Anyone with experience developing a role-based system who wouldn't mind giving me a push/shove in the right direction I would truly appreciate it.  Any other unsolicited advice is more than welcome.

Re: A Push in the Right Direction

I have a series of Railscasts episodes on this topic. I don't recommend splitting your controllers based on how they are accessed; instead, split the controllers based on their behavior and the resources they manage. Then use before filters to control the access.

Railscasts - Free Ruby on Rails Screencasts

Re: A Push in the Right Direction

Thanks for your reply Ryan.  I am very familiar with your railscasts.  I am very thankful for your hard work.  As a matter of fact, I watched the podcasts you are referring to last week.  I might have dismissed this idea early as I thought it may get a bit cluttered based on my 5 roles.  However I will watch the podcasts again and really put some serious thought into this.

Last edited by leveille (2007-06-08 11:06:07)

Re: A Push in the Right Direction

Having multiple roles is even a better reason to go in this direction. You don't want to create 5 completely separate sections of the site for the roles; that would be a lot of duplication. The only reason I can think of doing this is if they need radically different views and features, but even then there are better ways to do this.

I recommend not concerning yourself with the roles as you initially design the controllers. Concern yourself with the behavior you need to add, not who has access to that behavior. For example, if you have a Project model and you only want administrators to have access to deleting that model, just implement the deleting part now, and then restrict access to who has access to that feature through before filters.

Railscasts - Free Ruby on Rails Screencasts
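The Project example from the reply above, as an added sketch that is not part of the original thread or anyone's posted code: one controller for the resource, with the admin-only restriction on deletion layered on through before filters. `MiniController` is a hypothetical stand-in for the Rails filter chain so the block runs without Rails; the role names and sample project are constructed.

```ruby
# Stand-in for the Rails filter chain so this runs without Rails (an assumption).
class MiniController
  Response = Struct.new(:status, :body)

  def self.filters
    @filters ||= []
  end

  # Same shape as Rails' before_filter :name, :only => ...
  def self.before_filter(name, only: nil)
    filters << [name, only && Array(only)]
  end

  # Run applicable filters in order; one that sets @response halts the chain,
  # so the action body never executes for a denied request.
  def process(user, action, params = {})
    @current_user, @params, @response = user, params, nil
    self.class.filters.each do |name, only|
      send(name) if only.nil? || only.include?(action)
      return @response if @response
    end
    Response.new(200, public_send(action)) # filters are private, so not routable
  end
end

User = Struct.new(:name, :role) # role names used here are constructed

# One controller per resource; access control is layered on with filters.
class ProjectsController < MiniController
  PROJECTS = { 1 => "Alumni directory" } # constructed sample data
  before_filter :require_login
  before_filter :require_admin, only: :destroy

  def index
    PROJECTS.values
  end

  def destroy
    PROJECTS.delete(@params[:id])
  end

  private
  def require_login
    @response = Response.new(401, "login required") if @current_user.nil?
  end

  def require_admin
    @response = Response.new(403, "forbidden") unless @current_user.role == :admin
  end
end
```

Adding a sixth role or restricting another action changes only the filter declarations, not the controller layout.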

Re: A Push in the Right Direction

Great suggestion Ryan.  Again, I thank you for taking the time to share your knowledge.