Rails - Jul 2005 - Rails implementation: Blog + Wiki + Photo Gallery + Forum ?

Hi, I''m new to this community, to Rails, and to programming  (well,
let me put it this way, my programming skills are antiquated :-)).
I''ve played around a bit with Rails in my spare time (unfortunately
little of it these days) and I''m quite jazzed at what it can do with
so little code, and such an elegant structure.

I''ve been thinking that it would be cool to take a few open-source
Rails projects and combine them together to make a site that would
have a Blog, a Wiki, a Photo Gallery, and a Forum. (Something along
these lines actually exists called BLOG:CMS but it''s in PHP and
doesn''
t seems so straightforward to upgrade the individual parts.)

I had a few questions:

- Is anyone else trying to do this already? No need to re-invent the wheel :-).
- There''s a great blog software in Typo, and a beautiful wiki in
Instiki. Both are preDoes anyone know of a Photo Gallery and a Forum
software written in Rails?
- In theory - and I say this out of ignorance - it seems to me you
could put each of the four Rails apps on the same system, modify the
CSS files for each so that you get a uniform look for all (ideally
have them reference a single CSS file, but I don''t know if a Rails app
can reference a CSS file outside of the usual structure--maybe with
symlinks?), and then tweak each one so that it includes a header at
the top of the page that allows for a link to the other apps. In that
way, you don''t need a "parent" page.

Well, maybe this is a dumb idea and not at all doable. But I thought
I''d through it out there in case anyone has any input on it.

Cheers!



-- 
"Impossible is nothing."

On 7/26/05, zer0halo <zerohalo-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> I''ve been thinking that it would be cool to take a few open-source
> Rails projects and combine them together to make a site that would
> have a Blog, a Wiki, a Photo Gallery, and a Forum. (Something along
> these lines actually exists called BLOG:CMS but it''s in PHP and
doesn''
> t seems so straightforward to upgrade the individual parts.)
Well, each of those things are so _easy_ to make that I don''t really
see it as a worthy goal to try and re-use and merge other projects to
suit your needs. Just write what you need and don''t include what you
don''t need.

You''d have one controller for the blog, one for the photo gallery, one
for the forum, one for the wiki, and one for user accounts. This
structure would be *much* easier than trying to mash together 4
existing rails projects and make them work together.
> - In theory - and I say this out of ignorance - it seems to me you
> could put each of the four Rails apps on the same system, modify the
> CSS files for each so that you get a uniform look for all (ideally
> have them reference a single CSS file, but I don''t know if a Rails
app
> can reference a CSS file outside of the usual structure--maybe with
> symlinks?), and then tweak each one so that it includes a header at
> the top of the page that allows for a link to the other apps. In that
> way, you don''t need a "parent" page.
CSS is stored in a file that''s referenced by the HTML. This has
*nothing* to do with Rails and it will be the least of your worries
when trying to build a project in Rails.

-- 
Urban Artography
http://artography.ath.cx

Hiya,

I''m currently doing something like this, using rails
''Components'' for the
blog, gallery etc. I''m a fair way off having a forum or wiki, but I
think the
principles are re-useable, and any rails components coded with a few small 
conventions in common could be completely integratable in this way. I''d
be
interested to talk to anyone else using components in this manner.

Craig

On Wed, 27 Jul 2005 2:24 pm, zer0halo wrote:
> I''ve been thinking that it would be cool to take a few open-source
> Rails projects and combine them together to make a site that would
> have a Blog, a Wiki, a Photo Gallery, and a Forum. (Something along
> these lines actually exists called BLOG:CMS but it''s in PHP and
doesn''
> t seems so straightforward to upgrade the individual parts.)
-- 
Craig Ambrose
Web Elements
http://www.portallus.com/people/craigambrose/

zer0halo <zerohalo-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> writes:
> - In theory - and I say this out of ignorance - it seems to me you
> could put each of the four Rails apps on the same system, and then
> tweak each one so that it includes a header at the top of the page
> that allows for a link to the other apps. In that way, you don''t
> need a "parent" page.
In my opinion, the hardest part of doing this would be handling
authentication.  Each system you glue together will have it''s own
authentication models.  You''d have to tie those together somehow.
-- 
doug-jGAhs73c5XxeoWH0uzbU5w@public.gmane.org

Craig Ambrose <craiga-aW5oDkNkUadaA94nB1n4cRCuuivNXqWP@public.gmane.org>
writes:
> I''m currently doing something like this, using rails
''Components''
> for the blog, gallery etc.
I''d be very interested to see how you''ve set this up.  Can you
do a
quick-ish write-up on it or maybe post your code somewhere?
-- 
doug-jGAhs73c5XxeoWH0uzbU5w@public.gmane.org

On 7/27/05, Doug Alcorn <doug-jGAhs73c5XxeoWH0uzbU5w@public.gmane.org>
wrote:
> In my opinion, the hardest part of doing this would be handling
> authentication.  Each system you glue together will have it''s own
> authentication models.  You''d have to tie those together somehow.
You hit it bang on the head. Starting from scratch makes it dead easy
to have a single authentication system evenly throughout the system.
Mashing together a bunch of existing rails apps would be an
integration nightmare, IMHO.

The thing about Rails is that it''s an extra layer of abstraction on
top of what you''re already used to... so while code re-use is a good
idea generally, starting a fresh project in rails is already doing
boatloads of code reuse just by using the rails framework. In essense,
rails does all the heavy lifting for you, you just have to put in some
glue code to bring everything together and make it work, and this
"glue" code is highly specific to the project, hard to re-use project
to project.

I''m sure if you were motivated, you could develop a fully functional
forum/wiki/photo album/blog with authentication and user accounts and
the whole 9 yards in an afternoon with rails. Of course you''d spend a
lot of time tweaking it, designing the stylesheet to perfection, etc,
but the bulk of the actual work of developing the program could be
done in a day.

-- 
Urban Artography
http://artography.ath.cx

Rob Park <rbpark-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> writes:
> I''m sure if you were motivated, you could develop a fully
functional
> forum/wiki/photo album/blog with authentication and user accounts and
> the whole 9 yards in an afternoon with rails. Of course you''d
spend a
> lot of time tweaking it, designing the stylesheet to perfection, etc,
> but the bulk of the actual work of developing the program could be
> done in a day.
Bullshit.  Myself and two other excellent programmers were
sufficiently motivated and unable to finish even a single photo
gallery in a full 24 hours.  Does that mean we''re really lousy
programmers?  Are you really that much better than us that you could
do three or four times what we were able to finish in half the time?
I''ve heard that truly great programmers are 10x more productive than
the worst programmers but I''ve never thought I was one of the worst
programmers.  I''m sure Scott and Mark don''t either.

Rails is great.  I''m doing everything I can to make Rails my full-time
gig.  It is a highly productive environment.  The flow of TDD with
Rails is awesome.

But I''m really tired of hearing about writing an entire Yahoo
replacement in an afternoon.  Or, "Yea, I was bored at work today and
whipped up this full featured app and received VC funding before
lunch."

Over exaggerating the productivity of rails isn''t doing anyone any
good.  If you want a really good example of what''s possible in 24
hours of programming take a look at http://railsday.com.  Most of
those apps weren''t fully functional.  A noticeable percentage of the
people who tackled the project gave up.

Yes, you can implement a blog in 15 minutes.  There''s a video to prove
it.  But that blog isn''t anywhere near typo.  I''m sure the
guys
working on typo would be a little annoyed if you told them the sum
total of their work is less than an afternoon''s work.

I think the original poster has a legitimate desire: the ability to
integrate multiple rails applications.  We both agree that
authentication is the real problem.  Since the authentication schemes
I''m familiar with all just store the user object on the session, the
problem really comes down to sharing sessions between apps.  Once
you''re able to do that, it wouldn''t be too much work to
standardize
the user object for all the interested rails apps.
-- 
doug-jGAhs73c5XxeoWH0uzbU5w@public.gmane.org

I''m sorry I was so harsh in my reply earlier.  I''ll blame it
on having
gotten up extra early this morning without enough coffee.

I said that I don''t think exaggerating the productivity increases of
RoR does anyone any good.  It''s equally true that me being harsh and
inflammatory doesn''t either.

BTW, Rob, I enjoyed your photography and panoramas.  Did you do your
photo gallery done in RoR?
-- 
doug-jGAhs73c5XxeoWH0uzbU5w@public.gmane.org

On 27-Jul-2005, at 00:24, zer0halo wrote:
> Hi, I''m new to this community, to Rails, and to programming 
(well,
> let me put it this way, my programming skills are antiquated :-)).
> I''ve played around a bit with Rails in my spare time
(unfortunately
> little of it these days) and I''m quite jazzed at what it can do
with
> so little code, and such an elegant structure.
>
> I''ve been thinking that it would be cool to take a few open-source
> Rails projects and combine them together to make a site that would
> have a Blog, a Wiki, a Photo Gallery, and a Forum. (Something along
> these lines actually exists called BLOG:CMS but it''s in PHP and
doesn''
> t seems so straightforward to upgrade the individual parts.)
Not that my opinion matters, but after working with Mambo, Plone and 
eGroupware, I think components for Rails would be an excellent idea. 
This also follows the principle of DRY (Don''t Repeat Yourself). It 
seems that a lot of the applications written using Rails are actually 
CMSs (Content Management Systems). Basecamp is a perfect example. So 
why keep reinventing this wheel?

Someone else mentioned that (paraphrasing) the components are so easy 
to write, it doesn''t make sense to have components. That is true at 
first blush, but what about a Java WYSIWYG editor for the blog and 
wiki? How about selectable viewing scales for the photo gallery? You 
wouldn''t want to write these for every similar application.

Components also let you give the user a better "out of the box" 
experience. Once they realize that the "Congratulations, you''ve
put
Ruby on Rails" is just an HTML page, potential users could become 
disillusioned. If you had a few components to throw in there, it would 
be most impressive. E.g. "Congratulations, you''ve put Ruby on
Rails!.
Explore the components below for an idea of the power of Ruby and 
Rails. Address Book. Photo Album. Document Manager. Wiki Wiki."
> - In theory - and I say this out of ignorance - it seems to me you
> could put each of the four Rails apps on the same system, modify the
> CSS files for each so that you get a uniform look for all (ideally
> have them reference a single CSS file, but I don''t know if a Rails
app
> can reference a CSS file outside of the usual structure--maybe with
> symlinks?), and then tweak each one so that it includes a header at
> the top of the page that allows for a link to the other apps. In that
> way, you don''t need a "parent" page.
Sure, that is doable. The CSS files can be anywhere the web server can 
get to them. Even on another site.

All you mention above require standards, and therein lies the rub. You 
need uniform class and id names for all the HTML areas displayed. You 
need uniform naming and APIs for components. Quite a large can of 
worms, but not insurmountable.

Regards,
   JJ

---
Help everyone. If you can''t do that, then at least be nice.

Doug Alcorn wrote: (taken from the Rails implementation: Blog + Wiki...
thread)
> I think the original poster has a legitimate desire: the ability to
> integrate multiple rails applications.  We both agree that
> authentication is the real problem.  
Sure, I agree. So solution is probably to build a strong true RBAC layer
in rails so that everyone will want to use it?

We have a good working system in our good-but-never-widely-spread php
framework binarycloud. I''m sure we could borrow parts of design and
have
a good RBAC layer in Rails. Here a pointer to the docs Manuel wrote:
http://docs.binarycloud.com/en/auth/Theory.html

What do you all think of that?
-- 
Jean-Christophe Michel

hey jcm,

just yesterday I set up trac and svn for an internal project: rbaconrails.

I didn''t know you were back :) - anyone who would like a login
(it''s a secure system), please contact me off-list. Fairly soon
I''ll make an effort to make the project public and accessible, for the
moment it will remain private.

The system will be a barebones but completely functiona port of binarycloud
rbac, possibly with optional user-hierarchy (group) extensions in another gem or
with configuration.

Oh, in case it''s not bluntly clear: we do intend to release the code as
OS, under the MIT license.

_a
> Doug Alcorn wrote: (taken from the Rails implementation: Blog + Wiki...
> thread)
>> I think the original poster has a legitimate desire: the ability to
>> integrate multiple rails applications.  We both agree that
>> authentication is the real problem.
> 
> Sure, I agree. So solution is probably to build a strong true RBAC layer
> in rails so that everyone will want to use it?
> 
> We have a good working system in our good-but-never-widely-spread php
> framework binarycloud. I''m sure we could borrow parts of design
and have
> a good RBAC layer in Rails. Here a pointer to the docs Manuel wrote:
> http://docs.binarycloud.com/en/auth/Theory.html
> 
> What do you all think of that?
> --
> Jean-Christophe Michel
> 
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>

alex black wrote:
> just yesterday I set up trac and svn for an internal project: rbaconrails.
> 
> I didn''t know you were back :) 
I never went away :p
> The system will be a barebones but completely functiona port of
> binarycloud rbac, possibly with optional user-hierarchy (group)
> extensions in another gem or with configuration.
Good. I need it, I want to contribute. I suppose it''ll require
ActiveRecord, isn''t it?
> Oh, in case it''s not bluntly clear: we do intend to release the
code as OS, under the MIT license.
WHat''s that, is it LGPL compliant?


-- 
Jean-Christophe Michel

On Jul 28, 2005, at 10:43 AM, alex black wrote:
> hey jcm,
>
> just yesterday I set up trac and svn for an internal project:  
> rbaconrails.
>
> I didn''t know you were back :) - anyone who would like a login  
> (it''s a secure system), please contact me off-list. Fairly soon  
> I''ll make an effort to make the project public and accessible, for
> the moment it will remain private.
>
> The system will be a barebones but completely functiona port of  
> binarycloud rbac, possibly with optional user-hierarchy (group)  
> extensions in another gem or with configuration.
>
> Oh, in case it''s not bluntly clear: we do intend to release the  
> code as OS, under the MIT license.
>
> _a
Fabulous!  Thanks, Alex.  I was thinking of tackling this myself, but  
have been busy with other projects.  This will be a real asset to  
inter-component communication.

Duane Johnson
(canadaduane)

So what is a bacon rail (rbaconrails)? Any relation to chunky bacon?  
Seriously though, this is something sorely needed in rails IMHO.  
Thanks for working on it.

Cheers-
-Ezra
On Jul 28, 2005, at 9:43 AM, alex black wrote:
> hey jcm,
>
> just yesterday I set up trac and svn for an internal project:  
> rbaconrails.
>
> I didn''t know you were back :) - anyone who would like a login  
> (it''s a secure system), please contact me off-list. Fairly soon  
> I''ll make an effort to make the project public and accessible, for
> the moment it will remain private.
>
> The system will be a barebones but completely functiona port of  
> binarycloud rbac, possibly with optional user-hierarchy (group)  
> extensions in another gem or with configuration.
>
> Oh, in case it''s not bluntly clear: we do intend to release the  
> code as OS, under the MIT license.
>
> _a
>
>
>> Doug Alcorn wrote: (taken from the Rails implementation: Blog +  
>> Wiki...
>> thread)
>>
>>> I think the original poster has a legitimate desire: the ability to
>>> integrate multiple rails applications.  We both agree that
>>> authentication is the real problem.
>>>
>>
>> Sure, I agree. So solution is probably to build a strong true RBAC  
>> layer
>> in rails so that everyone will want to use it?
>>
>> We have a good working system in our good-but-never-widely-spread php
>> framework binarycloud. I''m sure we could borrow parts of
design
>> and have
>> a good RBAC layer in Rails. Here a pointer to the docs Manuel wrote:
>> http://docs.binarycloud.com/en/auth/Theory.html
>>
>> What do you all think of that?
>> --
>> Jean-Christophe Michel
>>
>> _______________________________________________
>> Rails mailing list
>> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
>> http://lists.rubyonrails.org/mailman/listinfo/rails
>>
>>
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
-Ezra Zygmuntowicz
Yakima Herald-Republic
WebMaster
509-577-7732
ezra-gdxLOakOTQ9oetBuM9ipNAC/G2K4zDHf@public.gmane.org

John brings up a question I was thinking about: has anyone read any good 
articles/whitepapers about good design for component driven sites?  I am 
looking for something that isn''t so concerned with 
language/implementation details, but rather the theory.  Kind of like 
how you can explain MVC without Rails, I am interested in pure 
component-based design from a best-practices perspective.

Thanks,
Jeff

John Johnson wrote:
> All you mention above require standards, and therein lies the rub. You 
> need uniform class and id names for all the HTML areas displayed. You 
> need uniform naming and APIs for components. Quite a large can of 
> worms, but not insurmountable.
>
> Regards,
>   JJ

Would rbac allow a department head to manage all the users within his 
department?

-Larry


_______________________________________________
Rails mailing list
Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
http://lists.rubyonrails.org/mailman/listinfo/rails

On Thu, 28 Jul 2005, Larry Kelly wrote:
> Would rbac allow a department head to manage all the users within his
> department?
That''s what it seems like.

Not being hip to the acronym, I''ve not been paying attention. I do,
however, need some implementation of RBAC.

If someone''s working on RBAC for Rails, maybe putting something in the
wiki would be helpful:

http://wiki.rubyonrails.com/rails/search/?query=rbac

-- 
_Deirdre  web / blog: http://deirdre.net/
yarn: http://fuzzyorange.com    cat''s blog: http://fuzzyorange.com/vsd/
"Memes are a hoax! Pass it on!"

> Would rbac allow a department head to manage all the users within his 
> department?
yeeeep

with my groups system on top of it, it would :)

_a



-- 
alex black, founder
the turing studio, inc.

510.666.0074
root-16h2cdTTKgpzNNFeSAH1EA@public.gmane.org
http://www.turingstudio.com

2600 10th street, suite 635
berkeley, ca 94710

> If someone''s working on RBAC for Rails, maybe putting something in
the
> wiki would be helpful:
>
> http://wiki.rubyonrails.com/rails/search/?query=rbac
uh, where?

there doesn''t seem to be a "put your railsish project here"
page :)

_a

-- 
alex black, founder
the turing studio, inc.

510.666.0074
root-16h2cdTTKgpzNNFeSAH1EA@public.gmane.org
http://www.turingstudio.com

2600 10th street, suite 635
berkeley, ca 94710

On 7/27/05, Doug Alcorn <doug-jGAhs73c5XxeoWH0uzbU5w@public.gmane.org>
wrote:
> In my opinion, the hardest part of doing this would be handling
> authentication.  Each system you glue together will have it''s own
> authentication models.  You''d have to tie those together somehow.
I wonder if the approach in this case would be rather than trying to
tie together the existing authentication models for each app, to
instead strip each app of its own authentication, create a separate
authentication component, and have them all use that one compenent.
Actually, an authentication compenent that implements ACL with a
variety of backends (htaccess, mysql, ldap, ntlm) would be a very nice
Rails Component to create and have available for anyone creating a
Rails app to plug into their creation.


-- 
"Impossible is nothing."

On 7/28/05, Doug Alcorn <doug-jGAhs73c5XxeoWH0uzbU5w@public.gmane.org>
wrote:
> I''m sorry I was so harsh in my reply earlier.  I''ll blame
it on having
> gotten up extra early this morning without enough coffee.
Heh, ok. I might have been too vague -- I didn''t mean you could write
the whole thing start to finish in a day, I meant you could write the
actual rails code in a day, like just the base functionality. Extra
stuff like the web design and the views would be extra work.

Like you said, that video proves you can make a blog in 15 minutes, I
think a photo gallery is pretty much the same as a blog, just with
pictures instead of words, and a wiki would be pretty much exactly the
same as the blog except anybody can edit anybody else''s entries (which
means the only real difference is a matter of authentication), aside
from minor things like presentation (a blog would sort the entries by
date, the wiki would have an index for finding useful information and
would be less sensitive to the actual date something was written). A
forum might be a bit more involved but probably not much more.
> BTW, Rob, I enjoyed your photography and panoramas.  Did you do your
> photo gallery done in RoR?
Yeah, my whole website is done in rails. It''s a photo gallery (two
actually, one for photos and one for panoramas, but they''re mostly the
same), and it''s also a "blog" (really just a small collection
of
articles, but the only practical distinction between that and a blog
is that A, I sort my articles alphabetically instead of by date, and
B, I only update it once every other month ;)

Not to brag, but I had all the basic functionality done in a couple of
hours, it''s so simple. Stuff like the actual design took me a few
extra days (just because I''m really bad with design stuff like that),
most of that time spent whipping up the header graphic in Gimp. I''ve
been making tweaks and such to the code at least once a week, so you
could argue that it''s taken me something like 4 months to make my
website into what you see today, but if you measure the actual
man-hours of time I''ve invested into the website, it''s
probably not
much more than a couple days.

-- 
Urban Artography
http://artography.ath.cx

This leads to a good argument for putting some flexible
authentication/authorization modules into the core rails distribution.
 That way, given the standard architecture of Rails in general a site
component (such as a blog, calendar, gallery etc) could easily be
added to an existing app

Thanks,

   Tristan


On 7/28/05, zer0halo <zerohalo-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> On 7/27/05, Doug Alcorn
<doug-jGAhs73c5XxeoWH0uzbU5w@public.gmane.org> wrote:
> 
> > In my opinion, the hardest part of doing this would be handling
> > authentication.  Each system you glue together will have it''s
own
> > authentication models.  You''d have to tie those together
somehow.
> 
> I wonder if the approach in this case would be rather than trying to
> tie together the existing authentication models for each app, to
> instead strip each app of its own authentication, create a separate
> authentication component, and have them all use that one compenent.
> Actually, an authentication compenent that implements ACL with a
> variety of backends (htaccess, mysql, ldap, ntlm) would be a very nice
> Rails Component to create and have available for anyone creating a
> Rails app to plug into their creation.
> 
> 
> --
> "Impossible is nothing."
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>

On 7/28/05, Tristan Havelick
<thavelick-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> This leads to a good argument for putting some flexible
> authentication/authorization modules into the core rails distribution.
>  That way, given the standard architecture of Rails in general a site
> component (such as a blog, calendar, gallery etc) could easily be
> added to an existing app
Well, the login generator worked fine for me. Or are you suggesting to
actually include the login generator in the main rails package instead
of as an add-on?

-- 
Urban Artography
http://artography.ath.cx

zer0halo <zerohalo-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> writes:
> On 7/27/05, Doug Alcorn
<doug-jGAhs73c5XxeoWH0uzbU5w@public.gmane.org> wrote:
>
>> In my opinion, the hardest part of doing this would be handling
>> authentication.  Each system you glue together will have it''s
own
>> authentication models.  You''d have to tie those together
somehow.
>
> I wonder if the approach in this case would be rather than trying to
> tie together the existing authentication models for each app, to
> instead strip each app of its own authentication, create a separate
> authentication component, and have them all use that one compenent.
I think this ties into the other thread on RBAC.  I downloaded the PDF
from NIST on RBAC (how''s that for a pile of acronyms?)
http://csrc.nist.gov/rbac/.  It is a standard for handling role based
access control.
-- 
doug-jGAhs73c5XxeoWH0uzbU5w@public.gmane.org

"alex black" <enigma-16h2cdTTKgpzNNFeSAH1EA@public.gmane.org>
writes:
> just yesterday I set up trac and svn for an internal project:
> rbaconrails.
Where?
> The system will be a barebones but completely functiona port of
> binarycloud rbac, possibly with optional user-hierarchy (group)
> extensions in another gem or with configuration.
After reading more about RBAC, I''m still wondering if this would help
solve the single sign-on for multiple Rails app problem.  My guess is
that it only would if the multiple apps could share sessions.
>> Doug Alcorn wrote: (taken from the Rails implementation: Blog + Wiki...
>> thread)
>>> I think the original poster has a legitimate desire: the ability to
>>> integrate multiple rails applications.  We both agree that
>>> authentication is the real problem.
>> 
>> Sure, I agree. So solution is probably to build a strong true RBAC
layer
>> in rails so that everyone will want to use it?
>> 
>> http://docs.binarycloud.com/en/auth/Theory.html
-- 
doug-jGAhs73c5XxeoWH0uzbU5w@public.gmane.org

Rob,

The login generator could work, but I something more robust is needed.
 Namely something that has groups or roles.   Currently with raw login
generator code, any user who can log in has access to everything.  We
need something that can define groups and allow for syntax in the
controller like

def update
  allow_access_to  :Administrators, :Sales, :Managers
  deny_access_to  MailRoomWorkers

  # ...

end

I think the existing login generator works well, but it has a ways to
go of course.   I think at some point it would be wise to distribute
it or something like it with Rails itself, or at least provide
developers with some sort of a flag that says ''This component supports
Login generator version x.x.

That said, I guess there isn''t anything preventing people from doing
that now.

On 7/29/05, Rob Park <rbpark-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> On 7/28/05, Tristan Havelick
<thavelick-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > This leads to a good argument for putting some flexible
> > authentication/authorization modules into the core rails distribution.
> >  That way, given the standard architecture of Rails in general a site
> > component (such as a blog, calendar, gallery etc) could easily be
> > added to an existing app
> 
> Well, the login generator worked fine for me. Or are you suggesting to
> actually include the login generator in the main rails package instead
> of as an add-on?
> 
> --
> Urban Artography
> http://artography.ath.cx
>

On 7/29/05, Doug Alcorn <doug-jGAhs73c5XxeoWH0uzbU5w@public.gmane.org>
wrote:
> > The system will be a barebones but completely functiona port of
> > binarycloud rbac, possibly with optional user-hierarchy (group)
> > extensions in another gem or with configuration.
> 
> After reading more about RBAC, I''m still wondering if this would
help
> solve the single sign-on for multiple Rails app problem.  My guess is
> that it only would if the multiple apps could share sessions.
Perhaps what you''re looking for isn''t an RBAC system, but
something
akin to Ping Identity''s PingFederate -- something that uses SAML as a
single-sign on solution. Honestly, that sounds like something really
interesting. Anybody considered working on something like this? I
could see (to use a horrible marketing term) some good synergy if
creators of Rails applications could find ways to work together to
share and promote user-bases. Just a thought.

The SAML specification isn''t that complicated and I''ve done
some work
with it before, maybe I can work on making a gem to easily enable that
sort of functionality into Rails applications. I''ve been trying to
come up with a good strong way to give something back, and I think
this just might be it.

Cheers,

bs.

On 7/29/05, Tristan Havelick
<thavelick-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> I think the existing login generator works well, but it has a ways to
> go of course.   I think at some point it would be wise to distribute
> it or something like it with Rails itself, or at least provide
> developers with some sort of a flag that says ''This component
supports
> Login generator version x.x.
Well, the login generator just provides authentication, not
authorization (ie, it just provides a way for people to log in and be
known by their login name, it doesn''t provide any sort of access
control "who has access to what"). This is how it was designed to be;
first you install the login generator, then you build your
authorization system on top of the authentication. On a small personal
website like mine, the authorization model is "Rob''s account has
full
access to all controllers and actions, other accounts can''t do
anything more than a logged-out user" and then I take steps to hide
the account controller from the public because I don''t want anybody
logging in to my site but me. On a larger site where you have multiple
users, it shouldn''t be too difficult to have a "roles" class
with
different types of permissions in it, which you can assign to the user
accounts. The User model would "has_many :permissions" and then in
your controllers you could use before_filter to deny access to the
users who don''t have the proper permissions.

-- 
Urban Artography
http://artography.ath.cx

Rob Park wrote:
> On a larger site where you have multiple
> users, it shouldn''t be too difficult to have a "roles"
class with
> different types of permissions in it, which you can assign to the user
> accounts. The User model would "has_many :permissions" and then
in
> your controllers you could use before_filter to deny access to the
> users who don''t have the proper permissions.
Exactly, and there''s a standard for this: RBAC ;-)

-- 
Jean-Christophe Michel

On 8/1/05, Jean-Christophe Michel
<jc.michel-/aRvmaKoZxNWk0Htik3J/w@public.gmane.org>
wrote:
> Exactly, and there''s a standard for this: RBAC ;-)
Ok, I''d been hearing RBAC mentioned a few times on the list but
hadn''t
really been paying attention, wasn''t sure what it was.

-- 
Urban Artography
http://artography.ath.cx

yo,

a SAML layer on top of a common LDAP directory should work fine, and I 
see no reason why this shouldn''t be part of ActiveRBAC.

If we glom all this stuff together and make sure it works for simple 
and very complex things, we''ll end up with a common user infrastructure
for Rails.

That is the single greatest barrier to "sharing" complex applications 
in a community. I''d like to nuke that barrier and have common apps that
all use ActiveRBAC so you can (for example) actually install a CMS and 
expect it to play nicely with your current (whatever kind of app) 
users, since they use the same database and make the same assumptions 
about the capabilities of the underlying auth system.

:)

_alex


On Jul 29, 2005, at 11:44 AM, Ben Schumacher wrote:
> On 7/29/05, Doug Alcorn
<doug-jGAhs73c5XxeoWH0uzbU5w@public.gmane.org> wrote:
>>> The system will be a barebones but completely functiona port of
>>> binarycloud rbac, possibly with optional user-hierarchy (group)
>>> extensions in another gem or with configuration.
>>
>> After reading more about RBAC, I''m still wondering if this
would help
>> solve the single sign-on for multiple Rails app problem.  My guess is
>> that it only would if the multiple apps could share sessions.
>
> Perhaps what you''re looking for isn''t an RBAC system, but
something
> akin to Ping Identity''s PingFederate -- something that uses SAML
as a
> single-sign on solution. Honestly, that sounds like something really
> interesting. Anybody considered working on something like this? I
> could see (to use a horrible marketing term) some good synergy if
> creators of Rails applications could find ways to work together to
> share and promote user-bases. Just a thought.
>
> The SAML specification isn''t that complicated and I''ve
done some work
> with it before, maybe I can work on making a gem to easily enable that
> sort of functionality into Rails applications. I''ve been trying to
> come up with a good strong way to give something back, and I think
> this just might be it.
>
> Cheers,
>
> bs.
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
>
-- 
alex black, founder
the turing studio, inc.

510.666.0074
root-16h2cdTTKgpzNNFeSAH1EA@public.gmane.org
http://www.turingstudio.com

2600 10th street, suite 635
berkeley, ca 94710

AMEN. Honestly the single biggest barrier to integrating any app the a
common userspace

Sam

On 8/5/05, alex black <enigma-16h2cdTTKgpzNNFeSAH1EA@public.gmane.org>
wrote:
> yo,
> 
> a SAML layer on top of a common LDAP directory should work fine, and I
> see no reason why this shouldn''t be part of ActiveRBAC.
> 
> If we glom all this stuff together and make sure it works for simple
> and very complex things, we''ll end up with a common user
infrastructure
> for Rails.
> 
> That is the single greatest barrier to "sharing" complex
applications
> in a community. I''d like to nuke that barrier and have common apps
that
> all use ActiveRBAC so you can (for example) actually install a CMS and
> expect it to play nicely with your current (whatever kind of app)
> users, since they use the same database and make the same assumptions
> about the capabilities of the underlying auth system.
> 
> :)
> 
> _alex
> 
> 
> On Jul 29, 2005, at 11:44 AM, Ben Schumacher wrote:
> 
> > On 7/29/05, Doug Alcorn
<doug-jGAhs73c5XxeoWH0uzbU5w@public.gmane.org> wrote:
> >>> The system will be a barebones but completely functiona port
of
> >>> binarycloud rbac, possibly with optional user-hierarchy
(group)
> >>> extensions in another gem or with configuration.
> >>
> >> After reading more about RBAC, I''m still wondering if
this would help
> >> solve the single sign-on for multiple Rails app problem.  My guess
is
> >> that it only would if the multiple apps could share sessions.
> >
> > Perhaps what you''re looking for isn''t an RBAC
system, but something
> > akin to Ping Identity''s PingFederate -- something that uses
SAML as a
> > single-sign on solution. Honestly, that sounds like something really
> > interesting. Anybody considered working on something like this? I
> > could see (to use a horrible marketing term) some good synergy if
> > creators of Rails applications could find ways to work together to
> > share and promote user-bases. Just a thought.
> >
> > The SAML specification isn''t that complicated and
I''ve done some work
> > with it before, maybe I can work on making a gem to easily enable that
> > sort of functionality into Rails applications. I''ve been
trying to
> > come up with a good strong way to give something back, and I think
> > this just might be it.
> >
> > Cheers,
> >
> > bs.
> > _______________________________________________
> > Rails mailing list
> > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> > http://lists.rubyonrails.org/mailman/listinfo/rails
> >
> >
> 
> --
> alex black, founder
> the turing studio, inc.
> 
> 510.666.0074
> root-16h2cdTTKgpzNNFeSAH1EA@public.gmane.org
> http://www.turingstudio.com
> 
> 2600 10th street, suite 635
> berkeley, ca 94710
> 
> 
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>