I am working on an app that has three roles (user, admin, business). I have the situation where all three roles interact with the same controller, but have access to different actions. Some actions are authorized for 2 roles (admin, business), and others are only authorized for one role (administrator). Does anyone know if there is a commonly used pattern for security on a per action basis? What I would like to do is be able to map which roles are authorized to call which actions and be able to call a :before_filter in my controller. In my head I''m thinking of something like before_filter :authorize_action => :except [:public_action1, :public_action2] Thanks for any input. -- Posted via http://www.ruby-forum.com/.
Consider restful_authentication and rolerequirement http://code.google.com/p/rolerequirement/ On May 26, 4:01 pm, Mike Buckley <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> I am working on an app that has three roles (user, admin, business). I > have the situation where all three roles interact with the same > controller, but have access to different actions. Some actions are > authorized for 2 roles (admin, business), and others are only authorized > for one role (administrator). > > Does anyone know if there is a commonly used pattern for security on a > per action basis? > > What I would like to do is be able to map which roles are authorized to > call which actions and be able to call a :before_filter in my > controller. > > In my head I''m thinking of something like > > before_filter :authorize_action => :except [:public_action1, > :public_action2] > > Thanks for any input. > -- > Posted viahttp://www.ruby-forum.com/.
BenH wrote:> Consider restful_authenticationYup. Or authlogic.> and rolerequirement > http://code.google.com/p/rolerequirement/Or rails_authorization. There are probably other plugins as well -- these are *very* common tasks. Best, -- Marnen Laibow-Koser http://www.marnen.org marnen-sbuyVjPbboAdnm+yROfE0A@public.gmane.org -- Posted via http://www.ruby-forum.com/.
Thanks for the links. Very appreciated. I will take a look at these *very* common tasks. Marnen Laibow-Koser wrote:> BenH wrote: >> Consider restful_authentication > > Yup. Or authlogic. > >> and rolerequirement >> http://code.google.com/p/rolerequirement/ > > Or rails_authorization. > > There are probably other plugins as well -- these are *very* common > tasks. > > Best, > -- > Marnen Laibow-Koser > http://www.marnen.org > marnen-sbuyVjPbboAdnm+yROfE0A@public.gmane.org-- Posted via http://www.ruby-forum.com/.