RailsCasts Pro episodes are now free!

Learn more or hide this

subhog's Profile

GitHub User: subhog

Comments by


Nice! But I'm wondering, is there a reason not to do authorization from scratch? In all my apps now I've got user.admin field (or UserRole model when in one that need more privileges). Then I just use a before_filter to check whether user has given privileges, and skip_before_filter in controllers where certain authorization is not needed. Are there any disadvantages of that method?

Ryan, as you're a big fan of writing authentication from scratch, I'd really like to know your opinion on whether there is a good reason to not to do this for authentication.