Hi All, I want to authorize user according to role he has. I found some rails plugins, ActiveRBAC ActiveACL anybody has used them (how was it), or can provide little info (hints) how to go about role based authentication. I''ll appreciate if anyone helps me with this. Regards Gaurav --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
gaurav v bagga wrote:> Hi All, > > I want to authorize user according to role he has. I found some rails > plugins, > > ActiveRBAC > ActiveACL > > anybody has used them (how was it), or can provide little info (hints) > how to go about role based authentication. > I''ll appreciate if anyone helps me with this. > > Regards > GauravWhat I do? I add new column in the Users table, and call it "status" which has different enum(''user'', ''moderator'', ''admin'') Then in my controller, I would use: before_filer :is_admin, :only => %w(this_method) :) -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
> What I do? > > I add new column in the Users table, and call it "status" which has > different enum(''user'', ''moderator'', ''admin'') > > Then in my controller, I would use: > > before_filer :is_admin, :only => %w(this_method) > > :) > > --Thanks Jamal that was nice input. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Hi, I am facing another problem, I am not able to install above mentioned plugins, as I have to evaluate them and finally conclude how to go about this. Has anyone successfully implemented any thing recently using those plugins? i.e.. ActiveRBAC ActiveACL Gaurav --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
You could do something like
def check_authentication
unless session[:user]
redirect_to :controller => "login", :action =>
"signin_form"
return
end
end
# The authorization check uses the ruby detect function to great
effect. Assumes each user has multiple roles and each of these roles
can be assigned to multiple rights. Rights are defined as a controller-
action combination and stored in the database in tables roles and
rights.
def check_authorization
user = User.find(session[:user])
unless user.roles.detect{|role|
role.rights.detect{|right|
right.action == action_name && right.controller == controller_name
}
}
flash[:notice] = "You are not authorized to access Controller: " +
controller_name + " Action: " + action_name
session[:prev_controller]="error" unless session[:prev_controller]
session[:prev_action] ="no_access" unless session[:prev_action]
redirect_to :controller => session[:prev_controller], :action =>
session[:prev_action]
return
end
session[:prev_controller] = controller_name
session[:prev_action] = action_name
end
This works out for me. Wherever you want this checked add
before_filter
before_filter :check_authentication, :check_authorization
Regards,
Rajesh
On Mar 14, 4:22 pm, "gaurav v bagga"
<gaurav.v.ba...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:> Hi,
>
> I am facing another problem, I am not able to install above
> mentioned plugins, as I have to
> evaluate them and finally conclude how to go about this.
>
> Has anyone successfully implemented any thing recently using those
> plugins? i.e..
>
> ActiveRBAC
> ActiveACL
>
> Gaurav
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
gaurav v bagga wrote:> Hi, > > I am facing another problem, I am not able to install above > mentioned plugins, as I have to > evaluate them and finally conclude how to go about this. > > Has anyone successfully implemented any thing recently using those > plugins? i.e.. > > ActiveRBAC > ActiveACL > > GauravSorry, I don''t know how to use these plugins :) -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
I use activeRBAC for a large project I''m currently working on. After having had it in place for 6 months, it looks nothing like it did. Great start and I like the Group/Role management interfaces and how it reports on how many users are in each. If you are looking for an rbac, it works great. There is also a nice PDF doc for it that would give you some more insight into it. I like it, but it is a pretty large plugin, so you will likely modify it which some of it is easily done through mixins and overriding the views and controller functions. Someone correct me if I''m wrong, but I don''t think it is actively developed anymore (I could not really update anyway.) In short. I would recommend it. Fredrik On Mar 14, 8:40 am, Jamal Soueidan <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> gaurav v bagga wrote: > > Hi, > > > I am facing another problem, I am not able to install above > > mentioned plugins, as I have to > > evaluate them and finally conclude how to go about this. > > > Has anyone successfully implemented any thing recently using those > > plugins? i.e.. > > > ActiveRBAC > > ActiveACL > > > Gaurav > > Sorry, I don''t know how to use these plugins :) > > -- > Posted viahttp://www.ruby-forum.com/.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Thanks Rajesh for help, Well Fredrik> but I don''t think it is actively developed anymore (I could not really update anyway.)I tried to install it but in vane, then I tried to access the repository given on its site through svn (radrails) could get it but how to make it work. The controllers,views had files and I ran the migration script and models were also present. But when I tried access http://localhost:3000/active_arbac/login or http://localhost:3000/active_arbac/registration it dint work.It complains of something not being initialized. I have not used any plugins before how to get it running any idea. Gaurav --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
I''ve been looking into Goldberg for this. http://goldberg.240gl.org It looks like a powerful, flexible, and de-coupled solution for role based authentication. "Goldberg is essentially just a before_filter that checks to see whether the user has the permissions to perform the incoming action. This includes AJAX requests etc. " I''m curious if anyone reading this has any experience or comments about that project. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Hi, Thanks all for replies. Yesterday I tried goldberg and it fits my need so got over the dilemma :). Regards, Guarav --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---