James Byrne wrote: > > I am not sure that this is really "pollution". One of the things that > was pointed out to me on the Ruby list when I first began transitioning > to OO was the mantra "ask" don't "tell". It seems to me that in an OO > authorization scheme one might properly ask the user instance (model) > whether or not they are permitted to do "something" (controller) rather > than have the "something" test to see if that user is permitted.
Unless I have misunderstood your intent and by your third choice you are referring to an external role based model while your first choice refers to putting the actual rules inside the user model. In which case I agree with you. My comments refer to the idea that the user model makes the calls to the role model and returns whether or not they were authorized to the request. -- Posted via http://www.ruby-forum.com/. _______________________________________________ rspec-users mailing list rspec-users@rubyforge.org http://rubyforge.org/mailman/listinfo/rspec-users
