Multiple roles per user, depending on object

[Henry]

I'm evaluating this promising plugin and had a quick question. I have
an application where a user's role is defined per object - for
example, a user may be an author of one article and a read-only
accessor of another article. So essentially I need a mix of non-
global roles and object-level permissions. Is this something I can
accomplish with declarative_authorization?

Many thanks,
Henry

[Steffen Bartsch]

Am Mittwoch, 30. September 2009 schrieb Henry:
> I have
> an application where a user's role is defined per object - for
> example, a user may be an author of one article and a read-only
> accessor of another article. So essentially I need a mix of non-
> global roles and object-level permissions. Is this something I can
> accomplish with declarative_authorization?

In decl_auth, roles are always statically assigned to users. On the other
hand, permissions are granted based on object permissions. In your case,
those users might be globally authors, but would only have write permissions
on articles where the article's owner is the user. So, yes, this is a
standard use case of decl_auth.

Have a look at the demo app for examples:
http://github.com/stffn/decl_auth_demo_app

Steffen

[Henry]

Thanks, Steffen. That makes sense. I'll have a look at the examples.