thebrianrussell-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
2007-Aug-07 00:35 UTC
Field Level Security
Could someone point me in a direction on how to apply field level security to my Rails app? Basically I have an update action on my controller, but based on the permissions of the person logged in, I want to control what fields they can update. Of course the model object should enforce this security as well as disabling the controls on the view if they don''t have the permissions to edit it. I have been through the Simple Access Control Example (http:// wiki.rubyonrails.org/rails/pages/SimpleAccessControlExample) which is good for applying permissions for whole actions, but I really need to go more granular sometimes. Thanks, Brian R --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On Aug 6, 2007, at 19:35 , thebrianrussell-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote:> Of course the model > object should enforce this security as well as disabling the controls > on the view if they don''t have the permissions to edit it.You might want to take a look at Bruce Perens'' ModelSecurity for some ideas. http://perens.com/FreeSoftware/ModelSecurity/Tutorial.html Hobo might also have something along these lines, but I haven''t checked it out yet. http://hobocentral.net/ Michael Glaesemann grzm seespotcode net --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---