[Rails] Re: user routing versus admin routing strategies?

@Dee:

Yes, you're answering the right question. My addition of the .html
suffixes (suffixen?) was a brain bubble and should be ignored.

I wonder if exposing the user id in the url is useful or prudent. I
agree with most RESTful philosophy, but even if authorization code is in
place to prevent the user 123 from accessing the account of user 142,
exposing the db-level user ID in the URL doesn't feel right.

That's why I was asking about having two styles of routing: one where
the user ID is implicit (derived from session and authentication
credentials) for ordinary users, and one where the user ID is manifest
in the URL (for the administrator).

But: CanCan looks like a sensible adjunct to Authlogic (even though I've
already written a Role model). I'll just go with the flow and use that
as it was intended.

Thanks for the pointer.

- ff
--
Posted via http://www.ruby-forum.com/.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.