ruby-on-rails – 在控制器中执行权限检查的最佳方法.

before_filter :authenticate,:only => [:new,:create,:show,:edit,:update,:destroy,:delete]
before_filter :check_league_existence
before_filter :check_league_relation_existence,:except => [:new,:index]
before_filter :check_ownership,:only => [:delete,:destroy]
before_filter :check_user_joinability,:create]
before_filter :require_moderator,:only => [:edit,:update]

我的过滤器看起来像这样：

def check_league_relation_existence
  raise ActiveRecord::RecordNotFound.new('Not Found') unless current_league_relation && current_league.league_relations.include?(current_league_relation)
end

def check_ownership
  raise ActionController::RoutingError.new('You do not own this league relation. Permission Denied.') unless current_league_relation.user == current_user || current_user_league_relation.moderator?
end

现在这个系统在某种程度上确实有效,但是它有很多问题.其中最大的两个是：1)很难理解发生了什么,因为有太多的过滤器,2)我不知道如何为此编写功能测试,因为在测试未授权时总是会收到错误访问.有没有人有更好的方法来检查权限？