Hi, I have a model which has objects which should have always their own password. If I want to edit object1 I will need password a. If I want to edit object2 I will need password b. What is the best way to implement this? I am not sure whether I can accomplish this with the traditional authorisation methods. Thanks for your help!
Rails List
2009-Sep-14 19:43 UTC
Re: How to protect editing objects with individual passwords?
Adrian D wrote:> Hi, > > I have a model which has objects which should have always their own > password. > > If I want to edit object1 I will need password a. > If I want to edit object2 I will need password b. > > What is the best way to implement this? I am not sure whether I can > accomplish this with the traditional authorisation methods. > > Thanks for your help!Best approach would be to add a password field to your model and take a password whenever an object is created, verify password when it is edited. -- Posted via http://www.ruby-forum.com/.
Robert Walker
2009-Sep-14 20:50 UTC
Re: How to protect editing objects with individual passwords
Adrian D wrote:> Hi, > > I have a model which has objects which should have always their own > password. > > If I want to edit object1 I will need password a. > If I want to edit object2 I will need password b. > > What is the best way to implement this? I am not sure whether I can > accomplish this with the traditional authorisation methods.Unless this is an isolated case, where you could hack something together, it sounds to me like you need support for Access Control Lists (ACL). Personally, I would not want to have each model aware of authorizations for itself. Authorization normally happens at a more abstract level. I have not yet had the need for full ACLs in any of my Rails projects. I am aware there are some ACL plugins/gems available. Since I haven''t used them I don''t have any recommendations. -- Posted via http://www.ruby-forum.com/.