<?xml version="1.0" encoding="UTF-8"?>
<commit>
  <added type="array"/>
  <modified type="array">
    <modified>
      <diff>@@ -169,6 +169,18 @@ role, the later one always wins. That is
     end
 will work as expected.
 
+=== Our stance on multiple roles per user
+
+We believe that you should only distinguish roles that have different ways of resolving their permissions. A typical set of roles would be
+
+* anonymous guest (has access to nothing with some exceptions)
+* signed up user (has access to some things depending on its attributes and associations)
+* administrator (has access to everything)
+
+We don't do multiple, parametrized roles like &quot;leader for project #2&quot; and &quot;author of post #7&quot;. 
+That would be reinventing associations. Just use a single :user role and let your permission block
+query regular associations and attributes.
+
 === Credits
 
 Henning Koch, Tobias Kraze</diff>
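Review bot: The last added paragraph ("Just use a single :user role and let your permission block query regular associations and attributes") gives the recommendation without showing it. A short example placed right after that sentence, with a permission block that receives the object and checks an association, would make it clear that the per-object decision (the "leader for project #2" case) moves into the permission and is not dropped. Two style points in the same hunk: the line ending in "author of post #7". carries a trailing space, and "depending on its attributes and associations" in the signed up user bullet would read better as "their attributes and associations".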
      <filename>README.rdoc</filename>
    </modified>
  </modified>
  <removed type="array"/>
  <parents type="array">
    <parent>
      <id>5fe8de33c88bc567d27efb4c3424f47d94e5e9f8</id>
    </parent>
  </parents>
  <author>
    <name>Henning Koch</name>
    <email>henning.koch@makandra.de</email>
  </author>
  <url>http://github.com/makandra/aegis/commit/30c9ecb6cb4fcf9143af67e5926d6ba1620d1cd5</url>
  <id>30c9ecb6cb4fcf9143af67e5926d6ba1620d1cd5</id>
  <committed-date>2009-11-04T14:07:46-08:00</committed-date>
  <authored-date>2009-11-04T14:07:46-08:00</authored-date>
  <message>clarified our stance on multiple roles per user</message>
  <tree>6c33d063d2388fab6363186107a83e0d5b2ecce3</tree>
  <committer>
    <name>Henning Koch</name>
    <email>henning.koch@makandra.de</email>
  </committer>
</commit>
