Rails - May 2005 - Very simple roles access with login generator

I''m using the login generator to perform authentication, and now
I''d
like to implement simple role-based access.  I''ll have two types of
users - regular and admin - and admins can do everything, users can
only do certain things.  How can I restrict access to particular
actions to only admins?  Looking at the login_system.rb code, it says
I can implement #authorize?.  If I do that though, then it applies to
all actions that are protected.  I''d like some actions to have a
second level of authorization, to ensure that only admins can access
them.  How can I do that?

Pat Maddox wrote:
>I''m using the login generator to perform authentication, and now
I''d
>like to implement simple role-based access.  I''ll have two types of
>users - regular and admin - and admins can do everything, users can
>only do certain things.  How can I restrict access to particular
>actions to only admins?  Looking at the login_system.rb code, it says
>I can implement #authorize?.  If I do that though, then it applies to
>all actions that are protected.  I''d like some actions to have a
>second level of authorization, to ensure that only admins can access
>them.  How can I do that?
>_______________________________________________
>
I''ve just done this, and all I did was to allow the user to login using
the login generator stuff and then write another filter which checks to 
see if that user has the correct role or not. Not "correct" but it 
worked fine. I can post code if you want.

Would you mind posting the code?  I''d really appreciate it




On 5/9/05, Colin Ramsay
<colinramsay-BFpX1XrDWuBdtzWjJqcUOrVCufUGDwFn@public.gmane.org>
wrote:
> Pat Maddox wrote:
> 
> >I''m using the login generator to perform authentication, and
now I''d
> >like to implement simple role-based access.  I''ll have two
types of
> >users - regular and admin - and admins can do everything, users can
> >only do certain things.  How can I restrict access to particular
> >actions to only admins?  Looking at the login_system.rb code, it says
> >I can implement #authorize?.  If I do that though, then it applies to
> >all actions that are protected.  I''d like some actions to have
a
> >second level of authorization, to ensure that only admins can access
> >them.  How can I do that?
> >_______________________________________________
> >
> I''ve just done this, and all I did was to allow the user to login
using
> the login generator stuff and then write another filter which checks to
> see if that user has the correct role or not. Not "correct" but
it
> worked fine. I can post code if you want.
> 
>

I second that request.. about to implement that very thing myself.  if 
anyone else has some great code to share, we''d love it!  thanks

jason


Pat Maddox wrote:
>Would you mind posting the code?  I''d really appreciate it
>
>
>
>
>On 5/9/05, Colin Ramsay
<colinramsay-BFpX1XrDWuBdtzWjJqcUOrVCufUGDwFn@public.gmane.org> wrote:
>  
>
>>Pat Maddox wrote:
>>
>>    
>>
>>>I''m using the login generator to perform authentication,
and now I''d
>>>like to implement simple role-based access.  I''ll have two
types of
>>>users - regular and admin - and admins can do everything, users can
>>>only do certain things.  How can I restrict access to particular
>>>actions to only admins?  Looking at the login_system.rb code, it
says
>>>I can implement #authorize?.  If I do that though, then it applies
to
>>>all actions that are protected.  I''d like some actions to
have a
>>>second level of authorization, to ensure that only admins can access
>>>them.  How can I do that?
>>>_______________________________________________
>>>
>>>      
>>>
>>I''ve just done this, and all I did was to allow the user to
login using
>>the login generator stuff and then write another filter which checks to
>>see if that user has the correct role or not. Not "correct"
but it
>>worked fine. I can post code if you want.
>>
>>
>>    
>>
>_______________________________________________
>Rails mailing list
>Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
>http://lists.rubyonrails.org/mailman/listinfo/rails
>
>  
>

_______________________________________________
Rails mailing list
Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
http://lists.rubyonrails.org/mailman/listinfo/rails

I too am planning on this, and have been experimenting some, for the  
login generator. Since so many people seem interested, does it make  
sense to collect some requirements from various people who may use it  
before starting? Does anyone want to collaborate on something like this?

On May 9, 2005, at 12:12 PM, jason lynes :: senyl.com wrote:
> I second that request.. about to implement that very thing myself.   
> if anyone else has some great code to share, we''d love it!  thanks
>
> jason
>
>
> Pat Maddox wrote:
>> Would you mind posting the code?  I''d really appreciate it
>>
>>
>>
>>
>> On 5/9/05, Colin Ramsay
<colinramsay-BFpX1XrDWuBdtzWjJqcUOrVCufUGDwFn@public.gmane.org> wrote:
>>
>>> Pat Maddox wrote:
>>>
>>>
>>>> I''m using the login generator to perform
authentication, and now
>>>> I''d
>>>> like to implement simple role-based access.  I''ll have
two types of
>>>> users - regular and admin - and admins can do everything, users
can
>>>> only do certain things.  How can I restrict access to
particular
>>>> actions to only admins?  Looking at the login_system.rb code,
it
>>>> says
>>>> I can implement #authorize?.  If I do that though, then it  
>>>> applies to
>>>> all actions that are protected.  I''d like some actions
to have a
>>>> second level of authorization, to ensure that only admins can  
>>>> access
>>>> them.  How can I do that?
>>>> _______________________________________________
>>>>
>>>>
>>> I''ve just done this, and all I did was to allow the user
to login
>>> using
>>> the login generator stuff and then write another filter which  
>>> checks to
>>> see if that user has the correct role or not. Not
"correct" but it
>>> worked fine. I can post code if you want.
>>>
>>>
>>>
>> _______________________________________________
>> Rails mailing list
>> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
>> http://lists.rubyonrails.org/mailman/listinfo/rails
>>
>>
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>


_______________________________________________
Rails mailing list
Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
http://lists.rubyonrails.org/mailman/listinfo/rails

i''m in.   i''ll donate a basecamp project to it.

just found this: 
http://wiki.rubyonrails.com/rails/show/AccessControlListExample

personally i need to move pretty quickly on this, as i have a project 
due next Monday that requires it.  if you''re interested in working on 
it, email me back and i''ll add you to the basecamp project, and
we''ll
set out requirements and split the work to get it done. 

jason


Joseph Hosteny wrote:
> I too am planning on this, and have been experimenting some, for the 
> login generator. Since so many people seem interested, does it make 
> sense to collect some requirements from various people who may use it 
> before starting? Does anyone want to collaborate on something like this?
>
> On May 9, 2005, at 12:12 PM, jason lynes :: senyl.com wrote:
>
>> I second that request.. about to implement that very thing myself.  
>> if anyone else has some great code to share, we''d love it! 
thanks
>>
>> jason
>>
>>
>> Pat Maddox wrote:
>>
>>>Would you mind posting the code?  I''d really appreciate it
>>>
>>>
>>>
>>>
>>>On 5/9/05, Colin Ramsay
<colinramsay-BFpX1XrDWuBdtzWjJqcUOrVCufUGDwFn@public.gmane.org> wrote:
>>>  
>>>
>>>>Pat Maddox wrote:
>>>>
>>>>    
>>>>
>>>>>I''m using the login generator to perform
authentication, and now I''d
>>>>>like to implement simple role-based access.  I''ll
have two types of
>>>>>users - regular and admin - and admins can do everything,
users can
>>>>>only do certain things.  How can I restrict access to
particular
>>>>>actions to only admins?  Looking at the login_system.rb
code, it says
>>>>>I can implement #authorize?.  If I do that though, then it
applies to
>>>>>all actions that are protected.  I''d like some
actions to have a
>>>>>second level of authorization, to ensure that only admins
can access
>>>>>them.  How can I do that?
>>>>>_______________________________________________
>>>>>
>>>>>      
>>>>>
>>>>I''ve just done this, and all I did was to allow the
user to login using
>>>>the login generator stuff and then write another filter which
checks to
>>>>see if that user has the correct role or not. Not
"correct" but it
>>>>worked fine. I can post code if you want.
>>>>
>>>>
>>>>    
>>>>
>>>_______________________________________________
>>>Rails mailing list
>>>Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
>>>http://lists.rubyonrails.org/mailman/listinfo/rails
>>>
>>>  
>>>
>> _______________________________________________
>> Rails mailing list
>> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
<mailto:Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org>
>> http://lists.rubyonrails.org/mailman/listinfo/rails
>>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Rails mailing list
>Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
>http://lists.rubyonrails.org/mailman/listinfo/rails
>  
>

_______________________________________________
Rails mailing list
Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
http://lists.rubyonrails.org/mailman/listinfo/rails

I would not mind being involved. I had been experimenting myself with
a generic authentication+authorization architecture that would also
plug into other authentication systems (HTTP auth, TypeKey, etc) as
well as login generator, but with a unified API layer, so selecting an
authentication method is as simple as changing one config statement.

My big dreams included ActiveRecord integration and some interesting
(to me) authorization hooks.  So yeah, I''m definitely interested.

-dave

On 5/9/05, Joseph Hosteny <jhosteny-ee4meeAH724@public.gmane.org>
wrote:
> I too am planning on this, and have been experimenting some, for the login
> generator. Since so many people seem interested, does it make sense to
> collect some requirements from various people who may use it before
> starting? Does anyone want to collaborate on something like this?
> 
> 
> On May 9, 2005, at 12:12 PM, jason lynes :: senyl.com wrote:
> 
>  I second that request.. about to implement that very thing myself.  if
> anyone else has some great code to share, we''d love it!  thanks
>  
>  jason
>  
>  
>  Pat Maddox wrote: 
>  Would you mind posting the code? I''d really appreciate it
> 
> 
> 
> 
> On 5/9/05, Colin Ramsay
<colinramsay-BFpX1XrDWuBdtzWjJqcUOrVCufUGDwFn@public.gmane.org>
> wrote:
>  
>  
>  Pat Maddox wrote:
> 
>  
>  
>  I''m using the login generator to perform authentication, and now
I''d
> like to implement simple role-based access. I''ll have two types of
> users - regular and admin - and admins can do everything, users can
> only do certain things. How can I restrict access to particular
> actions to only admins? Looking at the login_system.rb code, it says
> I can implement #authorize?. If I do that though, then it applies to
> all actions that are protected. I''d like some actions to have a
> second level of authorization, to ensure that only admins can access
> them. How can I do that?
> _______________________________________________
> 
>  
>  I''ve just done this, and all I did was to allow the user to login
using
> the login generator stuff and then write another filter which checks to
> see if that user has the correct role or not. Not "correct" but
it
> worked fine. I can post code if you want.
> 
> 
>  
>  _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
> 
>  
>  
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails 
> 
>  
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
> 
> 
>