Thursday, November 03, 2005

To hell with ACL

I've been racking my brains for the past few weeks while I've been trying to set up the front end of planlist. I've been convinced of the need for restricting access according to a certain hierarchy: account admin, project admin, partner admin. The fact that a user can be a project admin on one project while being a pleb on another means that I've had to add attributes to my joins and have ended up with associations such as project habtm users, project bt user etc.
Anyway, I've just had a moment of enlightenment (à la Basecamp): keep it simple. From now on there will be just 3 roles:

  • user in whose name account is held
    Can CRUD all company's projects, can U company information

  • users working for company owning project
    Can RU projects, CRUD partners

  • everyone else
    Can CRUD anything from THEIR company, unless their company is an account holder



The added advantage of all of this is ..... when creating a Project I don't need to create a User (owner) and the same goes for when I create a Company; the problems of validating a Company and User or Project and User at the same time vanish. My snazzy AJAX forms are no longer needed. Wallop. All this means that I've sort of got to start from scratch again ...
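The three roles listed above can be derived from which company a user works for, instead of being stored as attributes on join tables. The Ruby below is an added example, not code from planlist: the `Company` and `User` structs, `role_for`, `allowed?` and the sample records are assumptions, as is the literal, deny-by-default reading of the list (nothing is granted across company boundaries and no role inherits another role's rights).

```ruby
CRUD = %i[create read update delete].freeze

# Hypothetical models: a company either has an account holder (a User) or none.
Company = Struct.new(:name, :account_holder)
User    = Struct.new(:name, :company)

# The role is computed from relationships, so there is no per-project
# role attribute on a join table that can drift out of date.
def role_for(user)
  holder = user.company.account_holder
  return :account_holder if holder.equal?(user)
  return :staff if holder            # works for an account-holding company
  :other                             # company holds no account
end

# Permissions copied from the role list; anything not listed is denied.
RULES = {
  account_holder: { project: CRUD, company: %i[update] },
  staff:          { project: %i[read update], partner: CRUD }
}.freeze

# owner is the company the record belongs to.
def allowed?(user, action, kind, owner)
  return false unless CRUD.include?(action)        # unknown verbs are denied
  return false unless owner.equal?(user.company)   # assumption: no cross-company access
  role = role_for(user)
  return true if role == :other                    # "anything from THEIR company"
  RULES.fetch(role).fetch(kind, []).include?(action)
end

# Constructed sample data.
acme  = Company.new("Acme", nil)
alice = User.new("alice", acme)
acme.account_holder = alice
bob   = User.new("bob", acme)
carol = User.new("carol", Company.new("PartnerCo", nil))

[[alice, :delete, :project, acme],
 [bob,   :delete, :project, acme],
 [bob,   :create, :partner, acme],
 [carol, :read,   :project, acme]].each do |user, action, kind, owner|
  verdict = allowed?(user, action, kind, owner) ? "allow" : "deny"
  puts "#{user.name} (#{role_for(user)}) #{action} #{kind} of #{owner.name}: #{verdict}"
end
```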
