Bill Katz
2006-Jun-22 07:23 UTC
[Rails] [ANN] Authorization Plugin 1.0 release candidate + 3 test apps
In honor of RailsConf, I'm releasing an authorization plugin with 3 test apps that show you how to use the system. A reasonably lengthy description can be found here:
http://www.writertopia.com/developers/authorization

I will also be talking about the plugin's architecture in my RailsConf talk on Saturday.

Some features:

- Nice English-like way of expressing permissions through roles and the objects which give the scope of the roles. You can say things like:
  permit "(matz or dhh) and interested in Answers"

- The plugin easily handles roles associated with particular model instances. You can handle a moderator of meeting #23 as easily as you can handle a user being a general "site admin".

- You can choose how much database you'll use for the roles (and the complexity of your authorization system) through a choice of mixins. Each mixin provides "acts_as_authorized_user" for your User-like object and "acts_as_authorizable" for your authorizable objects.

- The test apps include an integration test with a simple DSL developed after reading Chad Fowler's most excellent Rails Recipe book. The object_roles_test app might be useful as a scaffold for new apps that want authentication and authorization.

- It's reasonably easy to hook into existing authentication systems.

-Bill
Ezra Zygmuntowicz
2006-Jun-22 07:40 UTC
[Rails] [ANN] Authorization Plugin 1.0 release candidate + 3 test apps
On Jun 22, 2006, at 12:23 AM, Bill Katz wrote:

> In honor of RailsConf, I'm releasing an authorization plugin with 3
> test apps that show you how to use the system. A reasonably lengthy
> description can be found here:
> http://www.writertopia.com/developers/authorization
>
> I will also be talking about the plugin's architecture in my RailsConf
> talk on Saturday.
>
> Some features:
> - Nice English-like way of expressing permissions through roles and
> the objects which give the scope of the roles. You can say things
> like:
> permit "(matz or dhh) and interested in Answers"
>
> - The plugin easily handles roles associated with particular model
> instances. You can handle a moderator of meeting #23 as easily as you
> can handle a user being a general "site admin".
>
> - You can choose how much database you'll use for the roles (and the
> complexity of your authorization system) through a choice of mixins.
> Each mixin provides "acts_as_authorized_user" for your User-like
> object and "acts_as_authorizable" for your authorizable objects.
>
> - The test apps include an integration test with a simple DSL
> developed after reading Chad Fowler's most excellent Rails Recipe
> book. The object_roles_test app might be useful as a scaffold for new
> apps that want authentication and authorization.
>
> - It's reasonably easy to hook into existing authentication systems.
>
> -Bill

Bill-

Very cool. Congrats on the release. Looking forward to the talk!

-Ezra
Kevin Olbrich
2006-Jun-22 12:10 UTC
[Rails] [ANN] Authorization Plugin 1.0 release candidate + 3 test apps
On Thursday, June 22, 2006, at 12:23 AM, Bill Katz wrote:

> In honor of RailsConf, I'm releasing an authorization plugin with 3
> test apps that show you how to use the system. A reasonably lengthy
> description can be found here:
> http://www.writertopia.com/developers/authorization
>
> I will also be talking about the plugin's architecture in my RailsConf
> talk on Saturday.
>
> Some features:
> - Nice English-like way of expressing permissions through roles and
> the objects which give the scope of the roles. You can say things
> like:
> permit "(matz or dhh) and interested in Answers"
>
> - The plugin easily handles roles associated with particular model
> instances. You can handle a moderator of meeting #23 as easily as you
> can handle a user being a general "site admin".
>
> - You can choose how much database you'll use for the roles (and the
> complexity of your authorization system) through a choice of mixins.
> Each mixin provides "acts_as_authorized_user" for your User-like
> object and "acts_as_authorizable" for your authorizable objects.
>
> - The test apps include an integration test with a simple DSL
> developed after reading Chad Fowler's most excellent Rails Recipe
> book. The object_roles_test app might be useful as a scaffold for new
> apps that want authentication and authorization.
>
> - It's reasonably easy to hook into existing authentication systems.
>
> -Bill

Good stuff, particularly the record level authorization stuff.

I took a quick look through the plugin and didn't see any helpers for views. Using the 'user_engine', you can do things like...

link_if_authorized
and
current_user.authorized?

...to make your views appropriate for the user. Can you do this with this system?
(I may have missed it, haven't finished my coffee yet.)

_Kevin
Bill Katz
2006-Jun-22 15:54 UTC
[Rails] [ANN] Authorization Plugin 1.0 release candidate + 3 test apps
On 22 Jun 2006 12:10:52 -0000, Kevin Olbrich <devlists-rubyonrails@devlists.com> wrote:

>
> Good stuff, particularly the record level authorization stuff.
>
> I took a quick look through the plugin and didn't see any helpers for views.
> Using the 'user_engine', you can do things like...
>
> link_if_authorized
> and
> current_user.authorized?
>
> ...to make your views appropriate for the user. Can you do this with
> this system?
> (I may have missed it, haven't finished my coffee yet.)
>
> _Kevin

Kevin,

Take a look at the init.rb for the plugin:
http://svn.writertopia.com/svn/plugins/authorization/init.rb

You'll see that the ControllerInstanceMethods module, which contains permit and permit?, are mixed into ActionView. This allows you to do things like:

link if permit?("member of :workshop and not crazy")

A slightly older form of the plugin is used in an open sourced biomedical resource directory called Simbiome (http://www.simbiome.org). If you look at the view code for a resource, Jon Dugan (the main programmer for Simbiome, recently converted to Ruby from Perl) used a view-side permit to show an "edit this resource" link:

https://simtk.org/websvn/wsvn/simbiome/trunk/rails/app/views/resource/show.rhtml

The permit methods automatically don't redirect when the object doesn't support it.

-Bill
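Added example (not part of the thread and not the plugin's code): a small Ruby evaluator for role expressions of the form quoted in Bill's two messages, parsed with a recursive-descent parser rather than eval and checked against roles scoped to specific objects. The class name, the preposition list, and the shapes of the grants and bindings arguments are assumptions made for this illustration.

```ruby
# Added illustration, not the plugin's parser: the grammar is inferred from the
# two expressions quoted in the thread. Malformed input raises; it never permits.
class RoleExpression
  PRECEDENCE   = { "or" => 1, "and" => 2 }.freeze
  PREPOSITIONS = %w[of in for on at by].freeze # assumed list

  # grants: [role, scope] pairs the user holds; a nil scope is a site-wide role.
  # bindings: the objects that ":name" scopes stand for in the current request.
  def initialize(grants, bindings = {})
    @grants, @bindings = grants, bindings
  end

  def permit?(expr)
    @tokens = expr.scan(/\(|\)|:?\w+/)
    raise ArgumentError, "illegal characters" unless @tokens.join == expr.gsub(/\s+/, "")
    parse_binary.tap { raise ArgumentError, "trailing input" unless @tokens.empty? }
  end

  private
  def parse_binary(min = 1)
    value = parse_unary
    while (prec = PRECEDENCE[@tokens.first]) && prec >= min
      op  = @tokens.shift
      rhs = parse_binary(prec + 1) # always parsed, so a syntax error is never skipped
      value = op == "or" ? (value || rhs) : (value && rhs)
    end
    value
  end

  def parse_unary
    return !parse_unary if @tokens.first == "not" && @tokens.shift
    return parse_binary.tap { expect(/\A\)\z/) } if @tokens.first == "(" && @tokens.shift
    role, scope = expect(/\A[A-Za-z_]\w*\z/), nil
    if PREPOSITIONS.include?(@tokens.first) && @tokens.shift
      name  = expect(/\A:?[A-Za-z_]\w*\z/)
      scope = name.start_with?(":") ? @bindings.fetch(name[1..-1].to_sym) : name
      # An unset object must not turn a scoped check into a site-wide one.
      raise ArgumentError, "scope #{name} is nil" if scope.nil?
    end
    @grants.include?([role, scope])
  end

  def expect(pattern)
    token = @tokens.shift.to_s
    raise ArgumentError, "unexpected #{token.inspect}" if token !~ pattern || %w[and or not].include?(token)
    token
  end
end
```

In this sketch a role granted on one object does not satisfy a site-wide check for the same role; the thread does not say how the plugin itself treats that case.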
Kevin Olbrich
2006-Jun-22 16:05 UTC
[Rails] [ANN] Authorization Plugin 1.0 release candidate + 3 testapps
On Thursday, June 22, 2006, at 8:54 AM, Bill Katz wrote:

> On 22 Jun 2006 12:10:52 -0000, Kevin Olbrich
> <devlists-rubyonrails@devlists.com> wrote:
>>
>> Good stuff, particularly the record level authorization stuff.
>>
>> I took a quick look through the plugin and didn't see any helpers
>> for views.
>> Using the 'user_engine', you can do things like...
>>
>> link_if_authorized
>> and
>> current_user.authorized?
>>
>> ...to make your views appropriate for the user. Can you do this with
>> this system?
>> (I may have missed it, haven't finished my coffee yet.)
>>
>> _Kevin
>
> Kevin,
> Take a look at the init.rb for the plugin:
> http://svn.writertopia.com/svn/plugins/authorization/init.rb
>
> You'll see that the ControllerInstanceMethods module, which contains
> permit and permit?, are mixed into ActionView. This allows you to do
> things like:
>
> link if permit?("member of :workshop and not crazy")
>
> A slightly older form of the plugin is used in an open sourced
> biomedical resource directory called Simbiome
> (http://www.simbiome.org). If you look at the view code for a
> resource, Jon Dugan (the main programmer for Simbiome, recently
> converted to Ruby from Perl) used a view-side permit to show an "edit
> this resource" link:
>
> https://simtk.org/websvn/wsvn/simbiome/trunk/rails/app/views/resource/show.rhtml
>
> The permit methods automatically don't redirect when the object
> doesn't support it.
> -Bill

Ah, cool! I'll have to take a closer look now.

_Kevin