More methods to control access to UI

[natesholland]

I'm trying to figure out if there is a good way to control access to the UI other than with a routes constraint. My main concern with a routes constraint is that if you don't use devise to get your current_user then you would have to unpack a cookie and check the db in your routing which violates a number of best practices.

Would it be possible to put some sort of callback into the UI which would hand control over to the rails app and let it determine if the user has permissions to access the feature flipper? It would be helpful to have this after the application controller has loaded because that way it would be easier to grab the current user in most rails apps.

[jnunemaker]

I'd be open to the concept but I can't really picture it eight now. I don't use devise and never have. It seems like any app could easily create a class that extracts and authenticated user from a request (typically the session). That class can then be used in both places (application controller and routing constraint). Most rails apps store session in cookie but not user info in cookie. Getting the session info in the constraint is just request.session call.

Maybe put a spike together of what you are thinking? Something I could react to?

[natesholland]

The more I sleep on this I can't really find a better way to do it. We can go ahead and close this issue. If I come up with something more helpful I will reopen.