What Are Some Good Role Authorization Solutions Used with Authlogic

What are some good role authorization solutions used with Authlogic?

Acl9 works great with AuthLogic:

http://github.com/be9/acl9/tree/master

Authlogic and Roles

ACL9 is what i currently use for the authorization, authlogic is the best match so i think you will do fine with it.

Check out the following 2 links for instructions.

https://github.com/be9/acl9/wiki/Tutorial:-securing-a-controller

http://github.com/be9/acl9/tree/master

Authlogic with declarative authorizations - how to show the user role in the view?

As that tutorial goes, a user "has many" roles, but you are not logged in as a particular role at any one time, you have all of them assigned to you, and all of those assigned are valid all at once. They are linked from the user model:

models/user.rb

has_many :assignments
has_many :roles, :through => :assignments

So you could show all the roles with something like

<%= current_user.roles.join(', ') %>

Assuming that current_user is a helper method that gives the current logged in user model instance.

What is the best approach to setting up authentication\authorization system for corporate \ single user accounts in Rails?

I did some digging, and right now there is nothing like this available. At least not a as ready to use gem. Most people seem to just roll their own. I'll do the same here.

P.S.:

Not accepting the other answer as it is essentially the repeat of my question in a statement form. One of my professors used to fail students if they tried to give him answers like this.

declarative_authorization and authlogic problems

Apparently the application loads the rules of table roles properly, but don't load the config/authorization_rules.rb file correctly. Please check the file, his name and the syntax used.

Try to use the privileges section in authorization_rules.rb; like this:

privileges do
privilege :manage, :includes => [:create, :read, :update, :delete]
privilege :read, :includes => [:index, :show]
privilege :create, :includes => :new
privilege :update, :includes => :edit
privilege :delete, :includes => :destroy
end

And what about the Companies controller?


Good luck.

(Ruby,Rails) Role-based authentication and user management...?

There are a few out there. I have used:
http://github.com/DocSavage/rails-authorization-plugin/ for applications before in conjunction with restufl_authentication, but I believe it will work with any authentication that gives you a current_user method. On github there is also http://github.com/mdarby/restful_acl/ and http://github.com/danryan/role_model/, they are just role based stuff though I'd say not authentication as well.

The authentication and the access control role based stuff are all available as seperate plugins/gems to the best of my knowledge, and that's a good thing as they are different beasts. Not all apps that have authentication need to have ACL type stuff and even some that do only need a really simple am I an admin kind of thing rather than a full blown user roles thing. So I'd say if you want one that does it all you'll have to write, if you don't want to do that than I'd say a combination of either Authlogic or restful_authentication with on of the authorization plugins will do the trick quite nicely.

which is the most popular Ruby on Rails AUTHORIZATION gem/plugin at the moment?

I like Declarative Authorization There is a pretty good railscast for it as well

How should i implement authentication/authorization with multiple models using Rails?

Like you suggest, I would create a User model to handle authentication. Then you can create a one-to-one polymorphic relationship between the User model and your roles' models. Your User model will have to include role_type (which is a string) and role_id (which is an integer) attributes.

User.rb

class User < ActiveRecord::Base
belongs_to :role, :polymorphic => true
end

Admin.rb

class Admin < ActiveRecord::Base
has_one :role
end

You can test what class a user's role is and access its attributes. For example:

User.first.role.is_a? Admin
=> true
User.first.role.last_name
=> "Smith"

Protecting Content with AuthLogic

Make sure you have these methods in your application_controller.rb

def current_user_session
return @current_user_session if defined?(@current_user_session)
@current_user_session = UserSession.find
end

def current_user
return @current_user if defined?(@current_user)
@current_user = current_user_session && current_user_session.record
end

def require_user
unless current_user
store_location
flash[:notice] = "You must be logged in to access this page"
redirect_to new_user_session_url
return false
end
end

Then in your controllers you can use a before filter to limit access to pages

class ExamplesController < ActionController::Base
before_filter :require_user, :only => :private

def public
// some public stuff
end

def private
// some protected stuff
end
end


Related Topics



Leave a reply



Submit