Thomas Leavitt
2005-Nov-07 07:53 UTC
Help re: limiting access to content in database by login
Here's the scoop... I'm coding an app where users are going to enter (and update) content to be viewed on a web site. They need to be able to

a) login
b) CRUD their content
c) their CRUD capabilities need to be limited to content created by their login (so that one user can't change another's content)

Not too exotic. Been done a thousand times before.

I was about to create my own "login" system, when the "done a thousand times before" thought occurred to me, and I found the "LoginGenerator" code. After a bit of a hassle (mostly due to my own errant typing and insistence on using my own database table names), I got that working. Cool. Ruby on Rails takes care of the CRUD, cool.

Next step is to implement code that will restrict users to content they've created. Database schema has that all lined up. I'm sure I can code something myself to handle this, but... it's been done a thousand times before. LoginGeneratorACLSystem seems to be the logical next step, but looking at it closely, that isn't what I want. I don't care about limiting access to functionality, and capabilities and roles and all that b.s. I care about making sure that only the login who created a particular set of content can modify that content.

Any pointers on where to look?

Also, along the same lines - is there a tutorial on handling joins, or sample code I can look at... here's an example of how my database schema is set up:

logins table
    login
    password
    id

contacts table
    emailaddress
    login_id
    id

(several other tables have content that is associated with an id)

when I do /contacts/new I want the login_id field to automatically have the login table id filled in... and I want the method to ensure that the login_id in the form submitted is the same one as the login id of the user submitting the form.

Again, I'm sure I can figure this out, but it'd accelerate the process immensely if someone more in the know could point me to where to start.
This is going to turn into the back end of a real world web based service/application that I intend to deploy in prototype form (with the goal of getting it funded shortly thereafter).

Regards,
Thomas Leavitt

My background: I'm a hacker, a little bit of formal college education in Pascal and C, a lot of regular expressions via self-paced VILEARN tutorial, a heckuva lot of Perl coding on the job a while back, and a bit of PHP here and there. Plus a ton of SQL query coding a while back (with only a little bit of database design, although I get the core principles). No OO coding of any serious nature. Self-trained, basically, but I'm pretty confident about my ability to pick up stuff.

I saw the article about Ruby on Rails on News.com, and was intrigued - radically simple / 85% of perfection is right up my line, philosophically. I walked through the ONLAMP Cookbook tutorial, and was like, "Holy granola! It worked! This is so friggin' cool." The only thing cooler would be if Ruby on Rails had a vehicle for creating the database back end so I didn't have to pull out another tool to do that.

Side question: is there an open source, SIMPLE and functional database design/creation tool out there? I'm using "knoda", but it crashes constantly and has some annoying traits that I'd rather not deal with (i.e., I have a table edit window open, and I click on the tablename elsewhere and instead of bringing the current edit window to the front, it opens up a duplicate window).
Simon Santoro
2005-Nov-07 10:20 UTC
Re: Help re: limiting access to content in database by login
Thomas Leavitt wrote:
> Here's the scoop...

Have a look at ModelSecurity
http://perens.com/FreeSoftware/ModelSecurity/
http://perens.com/FreeSoftware/ModelSecurity/Tutorial.html

It looks like it's what you are looking for

--
+S2
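
Added example, not part of either post and not the API of LoginGenerator, ModelSecurity or Rails: the ownership rule asked for in the original question, shown in plain Ruby with an in-memory hash standing in for the contacts table. ContactStore, NotOwner and the method names are hypothetical; the point is that login_id is taken from the authenticated session on create and every lookup by id is scoped to that owner, so a login_id submitted in the form is never trusted.

```ruby
# Added example: plain Ruby, in-memory stand-in for the contacts table.
# ContactStore / NotOwner are hypothetical names, not Rails or ModelSecurity API.
class NotOwner < StandardError; end

class ContactStore
  Contact = Struct.new(:id, :login_id, :emailaddress)

  def initialize
    @rows = {}
    @next_id = 1
  end

  # Create: login_id comes from the authenticated session, never from the form.
  def create(session_login_id, form)
    row = Contact.new(@next_id, session_login_id, form["emailaddress"])
    @next_id += 1
    @rows[row.id] = row
  end

  # Read: only rows owned by the session's login are visible.
  def list(session_login_id)
    @rows.values.select { |r| r.login_id == session_login_id }
  end

  # Lookups by id are scoped to the owner; a foreign id looks like a missing id.
  def find_owned(session_login_id, id)
    row = @rows[id]
    raise NotOwner, "no contact #{id} for this login" unless row && row.login_id == session_login_id
    row
  end

  # Update: only whitelisted fields are copied, so a submitted login_id
  # cannot reassign ownership.
  def update(session_login_id, id, form)
    row = find_owned(session_login_id, id)
    row.emailaddress = form["emailaddress"] if form.key?("emailaddress")
    row
  end

  def destroy(session_login_id, id)
    @rows.delete(find_owned(session_login_id, id).id)
  end
end

# Constructed sample data: login 1 submits a form carrying a forged login_id.
STORE = ContactStore.new
ALICE = STORE.create(1, { "emailaddress" => "a@example.com", "login_id" => "2" })
BOB   = STORE.create(2, { "emailaddress" => "b@example.com" })
```

In a Rails controller the same shape applies: the session supplies the owner id, and find, update and destroy all go through the owner-scoped lookup.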