Yesterday I was playing with how to do authorization in Rails. I got a book called “Rails Recipes”; on page 141 it has a pretty nice tutorial on how to authorize.

But I ran into a little problem when I needed to cancel a right from a role, because we don’t have a model representing the rights_roles table. So how can we delete a record from that table in our controller? After getting great help from my friend and looking through the Rails API a little, we found out that we can do it like this.

But first I’m going to show you the structure of the Role and Right models.


class Right < ActiveRecord::Base
  has_and_belongs_to_many :roles
end


Note: this tells us that a Right has and belongs to many roles.


class Role < ActiveRecord::Base
  has_and_belongs_to_many :users
  has_and_belongs_to_many :rights
end


Note: a Role has and belongs to many users and rights.

After we assign a right to a role, it is recorded in the table called “rights_roles”:


role_id (fk) Integer
right_id (fk) Integer

Okay, now here is how you can delete a record in the rights_roles table without needing a model.

def cancel_right
  @right = Right.find(params[:id])
  @role = Role.find(params[:role])

  # Get the rights of the role object and delete the one that was selected.
  # Only the rights_roles join row is removed; the Right record itself remains.
  @role.rights.delete(@right)

  redirect_to :action => "view_assign_right", :id =>
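
What the join-row delete does to effective permissions, as an added plain-Ruby example that is not from the original post or from Rails Recipes. It models rights_roles (and, as an assumption, a matching roles_users join table) as sets of id pairs instead of using ActiveRecord; the Acl class, its method names and all ids are hypothetical.

```ruby
require "set"

# In-memory stand-in for the schema above (constructed sample data, not ActiveRecord).
class Acl
  def initialize
    @rights_roles = Set.new # join rows: [role_id, right_id]
    @roles_users  = Set.new # join rows: [role_id, user_id] (assumed table)
  end

  def assign_role(user_id, role_id)
    @roles_users.add([role_id, user_id])
  end

  def assign_right(role_id, right_id)
    @rights_roles.add([role_id, right_id])
  end

  # Counterpart of role.rights.delete(right): removes only the join row.
  # Returns true when a row was actually removed, false when none matched.
  def cancel_right(role_id, right_id)
    !@rights_roles.delete?([role_id, right_id]).nil?
  end

  # Roles through which a user still holds a right.
  def roles_granting(user_id, right_id)
    @roles_users.select { |_, u| u == user_id }.map(&:first)
                .select { |r| @rights_roles.include?([r, right_id]) }.sort
  end

  def allowed?(user_id, right_id)
    !roles_granting(user_id, right_id).empty?
  end
end

# Constructed scenario: user 7 holds roles 1 and 2, user 8 holds role 1 only;
# both roles grant right 10, then the right is cancelled on role 1.
def demo
  acl = Acl.new
  acl.assign_role(7, 1)
  acl.assign_role(7, 2)
  acl.assign_role(8, 1)
  acl.assign_right(1, 10)
  acl.assign_right(2, 10)
  { removed: acl.cancel_right(1, 10),
    removed_again: acl.cancel_right(1, 10),
    user7_allowed: acl.allowed?(7, 10),
    user7_via: acl.roles_granting(7, 10),
    user8_allowed: acl.allowed?(8, 10) }
end
```

Cancelling a right on one role leaves any user who also holds it through another role still authorized, so a revocation is best followed by a check of which roles still grant that right.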

*For Thai, press 1. Hehe.