In our web app we have lots of features that are predicated upon the user's role. For example, a "show" link is available to everyone, but an "edit" link is only available to managers.<div><br></div>
<div>Is there a best-practices approach for dealing with this?</div><div><br></div><div>There are two places where user-role is significant -- controller and view. In the controller we use chaining to bounce a user out of an edit method if they don't have the right role. And in the view we use lots of [% IF c.user.is_mgr %] logic to determine whether or not to display the links. (Using user-friendly urls like /thingy/27/edit makes the URL easy to guess, so checking inside the controller is a good idea.)</div>
<div><br></div><div>So right now we're checking for the same thing in the view that we're checking for in the controller. The more features that get added that require role-checking, the more hairy this gets.</div>
<div><br></div><div>Is there a way to get all this rolled up into one place? Or at least make the view a bit more elegant?<br clear="all"><br>-- <br>Failure is not important. How you overcome it, is.<br>-- Nick Vujicic<br>
</div>