What should be in the columns of the roles table for acl9

Question

Probably a stupid question but I am pretty close to getting acl9 implemented. Just a little unsure what the data should look like in the roles table:

id | name  | authorizable_type | authorizable_id | created_at | updated_at 
---+-------+-------------------+-----------------+------------+------------ 

I assume name would be "admin" and such.

I'm not certain what authorizable_type and authorizable_id are referring to.

Answer 1

The main purpose of the authorizable_type and the authorizable_id map the `authorizable_object'. Hope this helps usually if you are creating a roles table in your application your migration should look like the following:

class CreateRoles < ActiveRecord::Migration
  def self.up
    create_table :roles, :force => true do |t|
      t.string   :name
      t.string   :authorizable_type
      t.integer  :authorizable_id
      t.timestamps
    end
    add_index :roles, :name
    add_index :roles, [:authorizable_id, authorizable_type]
    add_index :roles, [:name, :authorizable_id, :authorizable_type], :unique => true
  end

  def self.down
    remove_index :roles, [:name, :authorizable_id, :authorizable_type]
    remove_index :roles, [:authorizable_id, :authorizable_type]
    remove_index :roles, :name
    drop_table :roles
  end
end

Answer 2

First of all, version 1.2 of acl9 ships with a generator for the migration needed for the roles table (as well as a few other goodies), see bin/rails g acl9:setup -h for more details.

Secondly, to explain these fields, Rails has a feature called polymorphic associations (read more about it here), which allow you to associate one model with any other model. acl9 uses this feature to enable to you apply a role on any other model you wish, in acl9 terminology we call those other models "objects" (read more about that here). All you need to do is include the acts_as_authorization_object call in your model and that allows you to do something like this:

user.has_role! :admin, school

And that user has the :admin role for that school (and only for that particular school). As per the polymorphic association feature the authorizable_id will contain the primary key of that school from your DB, and authorizable_type will contain the class name "School".