What are some good role authorization solutions used with Authlogic?
Acl9 works great with AuthLogic:
http://github.com/be9/acl9/tree/master
Authlogic and Roles
ACL9 is what I currently use for authorization. Authlogic is the best match, so I think you will do fine with it.
Check out the following 2 links for instructions.
https://github.com/be9/acl9/wiki/Tutorial:-securing-a-controller
http://github.com/be9/acl9/tree/master
Authlogic with declarative authorizations - how to show the user role in the view?
As that tutorial goes, a user "has many" roles, but you are not logged in as a particular role at any one time, you have all of them assigned to you, and all of those assigned are valid all at once. They are linked from the user model:
models/user.rb

    has_many :assignments
    has_many :roles, :through => :assignments

So you could show all the roles with something like

    <%= current_user.roles.join(', ') %>

Assuming that current_user is a helper method that gives the current logged in user model instance.
What is the best approach to setting up authentication\authorization system for corporate \ single user accounts in Rails?
I did some digging, and right now there is nothing like this available. At least not as a ready-to-use gem. Most people seem to just roll their own. I'll do the same here.
P.S.:
Not accepting the other answer as it is essentially the repeat of my question in a statement form. One of my professors used to fail students if they tried to give him answers like this.
declarative_authorization and authlogic problems
Apparently the application loads the rules of the roles table properly, but doesn't load the config/authorization_rules.rb file correctly. Please check the file, its name and the syntax used.
Try to use the privileges section in authorization_rules.rb, like this:

    privileges do
      privilege :manage, :includes => [:create, :read, :update, :delete]
      privilege :read, :includes => [:index, :show]
      privilege :create, :includes => :new
      privilege :update, :includes => :edit
      privilege :delete, :includes => :destroy
    end

And what about the Companies controller?
Good luck.
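
The privileges block in the answer above defines a hierarchy: a role granted :manage implicitly holds every privilege reachable through :includes. The following is an added example, not part of the original answer and not declarative_authorization's own code: a plain-Ruby model of that expansion with a deny-by-default check. The ROLE_GRANTS table, the role names and the method names are assumptions made for illustration.

```ruby
require 'set'

# Privilege hierarchy copied from the answer's authorization_rules.rb snippet.
PRIVILEGES = {
  manage: [:create, :read, :update, :delete],
  read:   [:index, :show],
  create: [:new],
  update: [:edit],
  delete: [:destroy]
}.freeze

# Expand a privilege into itself plus everything it includes, transitively.
# The seen set also stops a cycle in a hand-edited rules file from looping.
def expand_privilege(privilege, hierarchy = PRIVILEGES, seen = Set.new)
  return seen if seen.include?(privilege)
  seen << privilege
  hierarchy.fetch(privilege, []).each do |child|
    expand_privilege(child, hierarchy, seen)
  end
  seen
end

# Constructed sample grants (hypothetical): role => { context => [privileges] }.
ROLE_GRANTS = {
  admin: { companies: [:manage] },
  guest: { companies: [:read] }
}.freeze

# Deny by default: an action is allowed only when one of the user's roles
# holds, in that context, a privilege whose expansion contains the action.
# Unknown roles and unknown contexts fall through to false.
def permitted?(roles, action, context, grants = ROLE_GRANTS)
  roles.any? do |role|
    granted = grants.fetch(role, {}).fetch(context, [])
    granted.any? { |priv| expand_privilege(priv).include?(action) }
  end
end
```

Listing expand_privilege(:manage) for each role is a quick way to audit what a broad grant actually permits before it ships.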
(Ruby,Rails) Role-based authentication and user management...?
There are a few out there. I have used:
http://github.com/DocSavage/rails-authorization-plugin/ for applications before in conjunction with restful_authentication, but I believe it will work with any authentication that gives you a current_user method. On GitHub there is also http://github.com/mdarby/restful_acl/ and http://github.com/danryan/role_model/; they are just role-based stuff though, I'd say, not authentication as well.
The authentication and the role-based access control stuff are all available as separate plugins/gems to the best of my knowledge, and that's a good thing as they are different beasts. Not all apps that have authentication need to have ACL-type stuff, and even some that do only need a really simple "am I an admin" kind of thing rather than a full-blown user roles thing. So I'd say if you want one that does it all you'll have to write it; if you don't want to do that, then I'd say a combination of either Authlogic or restful_authentication with one of the authorization plugins will do the trick quite nicely.
which is the most popular Ruby on Rails AUTHORIZATION gem/plugin at the moment?
I like Declarative Authorization. There is a pretty good Railscast for it as well.
How should i implement authentication/authorization with multiple models using Rails?
Like you suggest, I would create a User model to handle authentication. Then you can create a one-to-one polymorphic relationship between the User model and your roles' models. Your User model will have to include role_type (which is a string) and role_id (which is an integer) attributes.
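User.rb

    class User < ActiveRecord::Base
      # role_type and role_id columns identify the associated role record
      belongs_to :role, :polymorphic => true
    end

Admin.rb

    class Admin < ActiveRecord::Base
      # Inverse side of the polymorphic association declared on User
      has_one :user, :as => :role
    end
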
You can test what class a user's role is and access its attributes. For example:

    User.first.role.is_a? Admin
    => true
    User.first.role.last_name
    => "Smith"

Protecting Content with AuthLogic
Make sure you have these methods in your application_controller.rb:

    def current_user_session
      return @current_user_session if defined?(@current_user_session)
      @current_user_session = UserSession.find
    end

    def current_user
      return @current_user if defined?(@current_user)
      @current_user = current_user_session && current_user_session.record
    end

    def require_user
      unless current_user
        store_location
        flash[:notice] = "You must be logged in to access this page"
        redirect_to new_user_session_url
        return false
      end
    end

Then in your controllers you can use a before filter to limit access to pages:

    class ExamplesController < ActionController::Base
      # Only the :private action requires a logged-in user
      before_filter :require_user, :only => :private

      def public
        # some public stuff
      end

      def private
        # some protected stuff
      end
    end