Easy Role-Based Authorization in Rails

Once user authentication has been added to your Rails app, authorization isn’t far behind. In fact, very basic authorization functionality exists the moment you implement user authentication. At that point, users who are logged in will have authorization to access areas of your application that others do not. The next common step is to add a boolean attribute to the User model to track whether a user is a "normal" user or someone who should have access to administer the application as well, yielding a convenient syntax like @user.admin?.

Adding an attribute to track a user’s administrator status may well be enough for a simple application, but at some point you will want something more flexible. After all, you don’t want to go adding a new column to your user table for every single possible authorization level, do you? Here’s one very easy way to handle things.

Posted at 4pm on 09/30/08 | 17 comments

PHP: A Bridge Too Many?

Development language preferences are funny things. I’m well aware of the benefits that come from being familiar with many languages, not least of which is the perspective needed to discern the right tool for each job. As they say, when the only tool you have is a hammer, everything looks like a nail. I’ve had exposure (in varying degrees) to a fair number of programming languages in my time: BASIC, Pascal, Ada, C, Bourne Shell, Perl, Python, PHP, Java, JavaScript, VB, and Ruby among them, so I feel as though I do have some general ideas about the kinds of features I look for in a language.

All that being said, there are some tools that I can’t help but wonder about. PHP is one of them.

Posted at 1pm on 08/20/08 | 1 comment

About

metautonomous is the weblog of Ernie Miller, an application developer in the Louisville, Kentucky area who believes that software development should be fun − not just for the developer, but for the users. You can follow him on Twitter if you like, or e-mail him.