thr3ads.net - Rails - Authorization [Apr 2005]

If this information is useful, please help other people find it:
Share via:

Michal Koudelka

2005-Apr-16 11:12 UTC

Authorization

Hi,

Maybe I ask again for something what is wasn''t able to find anything.

Is there simple way how to process authorizations?

My imagine is that some action for controllers are allowed only to few 
users. E. g. Everybody can look category list, but only registred user can 
edit or add.

In best way, when user is signup, rails will remember his rights like:

adding_category = false
adding_article = true

and so on..

It there some tool which do this or have I to write authorization mechanism 
by myself?

Sorry for my english and thank you for help :)

Michael


_______________________________________________
Rails mailing list
Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
http://lists.rubyonrails.org/mailman/listinfo/rails

Jarkko Laine

2005-Apr-16 11:28 UTC

head link

Re: Authorization

MIchal,

See
http://wiki.rubyonrails.com/rails/show/HowtoAuthenticate
and
http://wiki.rubyonrails.com/rails/show/ 
AuthenticationWithAbstractApplicationController

//jarkko

On 16.4.2005, at 14:12, Michal Koudelka wrote:
> Hi,
>
>  Maybe I ask again for something what is wasn''t able to find
anything.
>
>  Is there simple way how to process authorizations?
>
>  My imagine is that some action for controllers are allowed only to  
> few users. E. g. Everybody can look category list, but only registred  
> user can edit or add.
>
>  In best way, when user is signup, rails will remember his rights like:
>
>  adding_category = false
>  adding_article = true
>
>  and so on..
>
>  It there some tool which do this or have I to write authorization  
> mechanism by myself?
>
>  Sorry for my english and thank you for help :)
>
>  Michael
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>--
Jarkko Laine
http://jlaine.net
http://odesign.fi


_______________________________________________
Rails mailing list
Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
http://lists.rubyonrails.org/mailman/listinfo/rails

Brian L.

2005-Apr-18 15:09 UTC

head link

Re: Authorization

I am not overly familiar with the login generator (but this is also a
good place to start).

I usually use token based permissions. Each user has a field in their
db model called ''tokens'' that''s a space or comma
separated list of
words which describe what they can do. Then I put a helper method in
the application controller called has_token?(token) which queries the
current user object and returns true if they have the token. It
returns false if no one is logged in and true for any token if the
:admin token is present.

This isn''t quite as fine-grained as, say, ACL''s, but it does
get the
job done in a lot of cases. Once you have you users logged in, it''s
<10 lines of code to implement a token-based system like the one
I''ve
described.

If it''s not clear what I''ve described, I can dig up some code
for you.

Brian

On 4/16/05, Jarkko Laine <jarkko-k1O+Gnc6WpmsTnJN9+BGXg@public.gmane.org>
wrote:> MIchal,
> 
> See
> http://wiki.rubyonrails.com/rails/show/HowtoAuthenticate
> and
> http://wiki.rubyonrails.com/rails/show/
> AuthenticationWithAbstractApplicationController
> 
> //jarkko
> 
> On 16.4.2005, at 14:12, Michal Koudelka wrote:
> 
> > Hi,
> >
> >  Maybe I ask again for something what is wasn''t able to find
anything.
> >
> >  Is there simple way how to process authorizations?
> >
> >  My imagine is that some action for controllers are allowed only to
> > few users. E. g. Everybody can look category list, but only registred
> > user can edit or add.
> >
> >  In best way, when user is signup, rails will remember his rights
like:
> >
> >  adding_category = false
> >  adding_article = true
> >
> >  and so on..
> >
> >  It there some tool which do this or have I to write authorization
> > mechanism by myself?
> >
> >  Sorry for my english and thank you for help :)
> >
> >  Michael
> > _______________________________________________
> > Rails mailing list
> > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> > http://lists.rubyonrails.org/mailman/listinfo/rails
> >
> --
> Jarkko Laine
> http://jlaine.net
> http://odesign.fi
> 
> 
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
> 
> 
> 
> 

-- 
The years ahead pick up their dark bags.
They move closer. There''s a slight rise in the silence

then nothing.
--
(If you''re receiving this in response to mail sent to
bluczkie-OM76b2Iv3yLQjUSlxSEPGw@public.gmane.org, don''t be concerned
This is my new address,
but mail will be forwarded here indefinitely)

Reasonably Related Threads

Search for more possibly parallel threads

Rails - Apr 2005 - Authorization

Authorization

Re: Authorization

Re: Authorization

Reasonably Related Threads