Hi,

We are creating a small site on Rails which fits perfectly into the REST model. One of our features is a security model with roles. In general, there are 3 types of users: standard, power-user and administrator. We also need to have different admin users with different roles. On the other hand, some users can have API access via a RESTful interface.

Currently we have a standard CRUD interface via REST, something similar to scaffold-generated code:

    def index
      @data = SomeCodeWhichLoadData()
      respond_to do |format|
        format.html # index.html.erb
        format.xml { render :xml => @data }
      end
    end

My problem is that I need to have standard rights (is the user logged in), plus rights to check if the user can have access to HTML parts (admin vs. user vs. power-user), and also a part where I can limit some REST API to some users.

Is there any standard (Rails) way for doing this? Any ideas how to fit a user rights model into a Rails app?

Best

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

On 18 March 2010 10:30, Pasalic Zaharije <pasalic.zaharije-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Is there any standard (Rails) way for doing this? Any ideas how to fit
> user rights model into rails app?

Googling for "rails role based permissions" will give you several articles discussing this problem. The solution seems to be a) to roll your own, or b) use Aegis (or the newer CanCan) to handle it for you.

I'm using Aegis in my main current project, in combination with Clearance for authentication, but reading the CanCan docs, I'm very tempted to use that next time as it.

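One shape that option (a), rolling your own, can take for the three roles and the per-user API access described in the original question. This is an added example, not code from any poster in this thread; the `User` struct, the `PERMISSIONS` table, the `api_access` flag and the method names are all hypothetical, and it is plain Ruby with no Rails or gems.

```ruby
# Added example (hypothetical names): deny-by-default check that combines
# "is the user logged in", the role, and per-user access to the XML API.
User = Struct.new(:name, :role, :api_access)

READ  = [:index, :show]
WRITE = [:create, :update, :destroy]

# role => { response format => actions that role may perform in that format }
# Anything not listed here is refused.
PERMISSIONS = {
  :standard      => { :html => READ },
  :power_user    => { :html => READ + [:create, :update], :xml => READ },
  :administrator => { :html => READ + WRITE, :xml => READ + WRITE }
}.freeze

# Returns :ok, :unauthenticated (no login) or :forbidden (login, no right).
def authorize(user, action, format)
  return :unauthenticated if user.nil?
  # The API flag is checked per user, independently of the role table.
  return :forbidden if format == :xml && !user.api_access
  allowed = PERMISSIONS.fetch(user.role, {}).fetch(format, [])
  allowed.include?(action) ? :ok : :forbidden
end

# Status a controller would answer with for each decision.
def http_status(decision)
  { :ok => 200, :unauthenticated => 401, :forbidden => 403 }.fetch(decision)
end

# Constructed sample users and requests.
[
  [nil,                                       :index,   :html],
  [User.new("sam", :standard, false),         :index,   :html],
  [User.new("pat", :power_user, false),       :index,   :xml],
  [User.new("pat", :power_user, true),        :index,   :xml],
  [User.new("pat", :power_user, true),        :destroy, :html],
  [User.new("root", :administrator, true),    :destroy, :xml]
].each do |user, action, format|
  decision = authorize(user, action, format)
  who = user ? "#{user.name} (#{user.role})" : "anonymous"
  puts "#{who} #{action}.#{format} -> #{decision} #{http_status(decision)}"
end
```

Keeping the decision in one function that every action calls before loading data means an action or format missing from the table is refused rather than silently allowed.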
Michael Pavling wrote:
> On 18 March 2010 10:30, Pasalic Zaharije <pasalic.zaharije-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> wrote:
>> Is there any standard (Rails) way for doing this? Any ideas how to fit
>> user rights model into rails app?
>
> Googling for "rails role based permissions" will give you several
> articles discussing this problem.
> The solution seems to be a) to roll your own, or b) use Aegis (or the
> newer CanCan) to handle it for you.
>
> I'm using Aegis in my main current project, in combination with
> Clearance for authentication, but reading the CanCan docs, I'm very
> tempted to use that next time as it.

Declarative Authorization is another good option

--
Posted via http://www.ruby-forum.com/.