What is the most elegant way to access current_user from the models? or why is it a bad idea?
Posted
by
TheLindyHop
on Stack Overflow
See other posts from Stack Overflow
or by TheLindyHop
Published on 2012-06-12T22:05:34Z
Indexed on
2012/06/12
22:40 UTC
Read the original article
Hit count: 182
So, I've implemented some permissions between my users and the objects the users modify.. and I would like to lessen the coupling between the views/controllers with the models (calling said permissions). To do that, I had an idea: Implementing some of the permission functionality in the before_save
/ before_create
/ before_destroy
callbacks. But since the permissions are tied to users (current_user.can_do_whatever?
), I didn't know what to do.
This idea may even increase coupling, as current_user
is specifically controller-level.
The reason why I initially wanted to do this is:
All over my controllers, I'm having to check if a user has the ability to save
/ create
/ destroy
. So, why not just return false upon save
/ create
/ destroy
like rails' .save
already does, and add an error to the model object and return false, just like rails' validations?
Idk, is this good or bad? is there a better way to do this?
© Stack Overflow or respective owner