What is the most elegant way to access current_user from the models? or why is it a bad idea?

Posted by TheLindyHop on Stack Overflow See other posts from Stack Overflow or by TheLindyHop
Published on 2012-06-12T22:05:34Z Indexed on 2012/06/12 22:40 UTC
Read the original article Hit count: 182

Filed under:
|
|

So, I've implemented some permissions between my users and the objects the users modify.. and I would like to lessen the coupling between the views/controllers with the models (calling said permissions). To do that, I had an idea: Implementing some of the permission functionality in the before_save / before_create / before_destroy callbacks. But since the permissions are tied to users (current_user.can_do_whatever?), I didn't know what to do.

This idea may even increase coupling, as current_user is specifically controller-level.

The reason why I initially wanted to do this is: All over my controllers, I'm having to check if a user has the ability to save / create / destroy. So, why not just return false upon save / create / destroy like rails' .save already does, and add an error to the model object and return false, just like rails' validations?

Idk, is this good or bad? is there a better way to do this?

© Stack Overflow or respective owner

Related posts about ruby-on-rails

Related posts about ruby