Is there an unanimous best way to implement user roles when using restall resource routes? Say I have the following resources:
The user has a ticket event_and more tickets related to the person, event and then say I have two types of users : Customers and agents will both enter the system, but with the different resources utilization and functionality based on their roles. For example:
Customers can login:
- Event index, show
- Ticket Index (user by skids), show, buy /
- Event indexes, create, return / remove
- Create, update, Show, Create, Update, Delete
- Individual Index, Show, Create, Update, Delete
- down Out of the 4 general approaches, would the cleaner be more flexible?
In the role folders and namespaces, separate controllers inside resources such as:
namespace "agent" resources: eventSeparate controller from role, for example:
agent control def sell_ticket, etc. Customer Controller DF buy_ticket, etc.Controllers shared with different actions are required, such as:
TicketController before_filter: customer_access,: Only = & gt; : Buy before_filter: exclude: agent_access ,: = & gt;Shared tasks with conditional statements, such as:
make TicketController def if @role ==: Customer #buy ticket elsif @role ==: customer #sell ticket end and
Agents may be used:
Which Tickets, Index, Show, Sell / Make, Refund / delete
I recommend using a combination of the last two proposed implementations They will follow the tragic representation, they place authorization on the appropriate level (controller), and this is a scalable implementation.
The rest, basically, about this, you want to act (verb) agents and customers in relation to tractors, users, and events. In order to accurately represent these nouns you must be a controller for each, then the customer can then identify the resource viewed by the URL, http://example.com/events/22 From here you can use rail routing to represent the context for various resources, such as http://example.com/events/22/tickets by doing something like this: < / P>
Resources: Events are resources: ticket expiration By following a permanent architecture, the paradigm should only be responsible for representing objects that you are buying in. It should not try to prove it. It is not his work should be in the authority controllers. I would advise to search for gems or to set it for you.
Finally, this model will have to be used by keeping Scalable Authority separate from the representation of your resources if you require it to keep your application light, flexible and simple.
Comments
Post a Comment