Fri12Feb

  1. Model Layer Attribute Level Access Control

    I have this interesting problem at work on this web app. The requirements mandate super fine-grained access control on model objects. It’s not enough to restrict access to CRUD actions; my boss wants different roles to be able to access specific attributes and not others, e.g. normal users can access name but not salary.

    I came up with a DSL for this. This is what it looks like:

    let :admin, :update => :everything, :see => :everything
    
    let :users, :update => [:name, :telephone_number, :email], :see => :everything
    
    let :guests, :update => :nothing, :see => [:name, :department]

    I’ll see if I can get my boss’ permission for me to open source it if there is demand. Is there?
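
A minimal sketch of how rules like the ones above could be evaluated, added here as an example; it is not the author's implementation, which the post does not show. `AttributePolicy`, `allowed?`, `visible` and `apply_update` are hypothetical names, the employee record is constructed sample data, and the sketch assumes that unknown roles and ungranted actions are denied.

```ruby
# Added illustration of an engine for the `let` DSL; all names are hypothetical.
class AttributePolicy
  ACTIONS = %i[update see].freeze

  def initialize(&rules)
    @rules = {}
    instance_eval(&rules) # run the `let` lines against this policy object
  end

  def let(role, grants)
    unknown = grants.keys - ACTIONS
    raise ArgumentError, "unknown action(s): #{unknown.inspect}" unless unknown.empty?
    @rules[role] = grants
  end

  # Default deny: an unknown role or an action without a grant allows nothing.
  def allowed?(role, action, attribute)
    grant = @rules.fetch(role, {}).fetch(action, :nothing)
    case grant
    when :everything then true
    when :nothing then false
    else Array(grant).include?(attribute.to_sym)
    end
  end

  # Copy of the record holding only the attributes the role may see.
  def visible(role, record)
    record.select { |attr, _| allowed?(role, :see, attr) }
  end

  # Applies only the permitted changes (blocks mass assignment of e.g. salary).
  # Returns [updated_record, rejected_attribute_names].
  def apply_update(role, record, changes)
    changes = changes.transform_keys(&:to_sym)
    permitted, rejected = changes.partition { |attr, _| allowed?(role, :update, attr) }
    [record.merge(permitted.to_h), rejected.map(&:first)]
  end
end

POLICY = AttributePolicy.new do
  let :admin, :update => :everything, :see => :everything
  let :users, :update => [:name, :telephone_number, :email], :see => :everything
  let :guests, :update => :nothing, :see => [:name, :department]
end

# Constructed sample record and request.
EMPLOYEE = { name: "Ada", department: "R&D", email: "ada@example.test", salary: 90_000 }.freeze
p POLICY.visible(:guests, EMPLOYEE)
p POLICY.apply_update(:users, EMPLOYEE, { "email" => "new@example.test", "salary" => 1 })
```

Filtering on both the read path and the write path matters: hiding `salary` from a view does nothing if the update handler still accepts it from request parameters.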