Rails: Access to current_user from within a model in Ruby on Rails

by

I’d say your instincts to keep current_user out of the model are correct.

Like Daniel I’m all for skinny controllers and fat models, but there is also a clear division of responsibilities. The purpose of the controller is to manage the incoming request and session. The model should be able to answer the question “Can user x do y to this object?”, but it’s nonsensical for it to reference the current_user. What if you are in the console? What if it’s a cron job running?

In many cases with the right permissions API in the model, this can be handled with one-line before_filters that apply to several actions. However if things are getting more complex you may want to implement a separate layer (possibly in lib/) that encapsulates the more complex authorization logic to prevent your controller from becoming bloated, and prevent your model from becoming too tightly coupled to the web request/response cycle.

More Related Contents:

  1. How to change default timezone for Active Record in Rails?
  2. Rails :include vs. :joins
  3. What is the easiest way to duplicate an activerecord record?
  4. ActiveRecord: size vs count
  5. Connecting Rails 3.1 with Multiple Databases
  6. How can I avoid running ActiveRecord callbacks?
  7. Rails 4: List of available datatypes
  8. Rails 5: ActiveRecord OR query
  9. Rails sessions current practices
  10. Rails update_attributes without save?
  11. query , can not select column count
  12. Rails 3 disabling session cookies
  13. Can I write PostgreSQL functions on Ruby on Rails?
  14. Storing Objects in a Session in Rails
  15. What is the difference between pluck and collect in Rails?
  16. Format a string containing Phone numbers
  17. How to understand nil vs. empty vs. blank in Ruby
  18. Random record in ActiveRecord
  19. How to create a deep copy of an object in Ruby?
  20. Why does String#gsub double content?
  21. Rails 4: before_filter vs. before_action
  22. Add a reference column migration in Rails 4
  23. Why are all Rails helpers available to all views, all the time? Is there a way to disable this?
  24. Rails 3.1 and Ruby 1.9.3p125: ruby-debug19 still crashes with “Symbol not found: _ruby_threadptr_data_type” [duplicate]
  25. How to change the default path of view files in a Rails 3 controller?
  26. Why use “self” to access ActiveRecord/Rails model properties?
  27. Converting an array of objects to ActiveRecord::Relation
  28. Rails – Sort by join table data
  29. Ruby: Create range of dates
  30. Unable to install MySQL2 gem on Windows 7

Leave a Comment