Home/ Questions/Q 6086743
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T11:47:26+00:00

I implement ACL for my ROR app. I have access variable that stores rights

  • 0

I implement ACL for my ROR app. I have access variable that stores rights for users.

It contain hashes with array value for each user.
First array element is controller name and second element – array with action’s names.

access = {
           'user' => [
             ['drivers', ['show','delete','update']],
             ['index',   ['edit','destroy','view']]
           ],

           'administrator' => [
             ['users', ['show','edit','delete']],
             ['index', ['delete','index','show']]
           ]
         }

I want to check if user have access to particular controller and action

user       = 'administrator'
controller = 'index'
action     = 'delete'

I do it with

if access[user]
  access[user].each do |acc|
    if acc[0].include? controller 
      if acc[1].include? action
        puts "User '#{user}' have access to controller '#{controller}' and action '#{action}'"
      end
    end
  end
end

Maybe exists more elegant way to store similar data or better way to access it?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Instead of rolling it yourself, I would recommend a system like CanCan or Stonewall.

    Both of those have methods that allow you to ask “Can this user do this thing on this object?”.

    Stonewall + StonewallActionProtection, a plugin of my own, can make access checks for CRUD operations automatic.

    • 0