I am curious if there is an existing ACL system/plugin for Rails? As Rails is essentially poised to be deployed in an application environment, I find it quite hard to believe that this hasn''t been included at its core. If I am mistaken, please advise, if not, let me know how I can solve this. I have done some research and found RubyACL, but still requires a cross integration into rails which requires a DB or a configuration file. If nothing arises, I do plan on writing something of this nature, and have already started on the data model, but I first thought I would see if anyone else has a package available along these lines before I get too deep to turn back. Also, if nothing does exist, I wouldn''t mind any assistance making a solid, universal ACL package for Rails which can be deployed in an open source environment. If you are interested in contributing, lets get to it :) Warmest regards, Nathan. -------------------------------------------------------------- Nathaniel S. H. Brown Toll Free 1.877.4.INIMIT Inimit Innovations Phone 604.724.6624 www.inimit.com Fax 604.444.9942
Nathaniel S. H. Brown wrote:>I am curious if there is an existing ACL system/plugin for Rails? As Rails >is essentially poised to be deployed in an application environment, I find >it quite hard to believe that this hasn''t been included at its core. > > >Isn''t ModelSecurity[1] what you want? I believe it supports a full ACL model, but I may be wrong [1]http://perens.com/FreeSoftware/ModelSecurity/
You might want to look at this for some ideas. http://perens.com/FreeSoftware/ModelSecurity/ HTH, Geoff On 31/10/05, Nathaniel S. H. Brown <nshb-wgYSSEAWXinQT0dZR+AlfA@public.gmane.org> wrote:> > I am curious if there is an existing ACL system/plugin for Rails? As Rails > is essentially poised to be deployed in an application environment, I find > it quite hard to believe that this hasn''t been included at its core. > > If I am mistaken, please advise, if not, let me know how I can solve this. > I > have done some research and found RubyACL, but still requires a cross > integration into rails which requires a DB or a configuration file. > > If nothing arises, I do plan on writing something of this nature, and have > already started on the data model, but I first thought I would see if > anyone > else has a package available along these lines before I get too deep to > turn > back. Also, if nothing does exist, I wouldn''t mind any assistance making a > solid, universal ACL package for Rails which can be deployed in an open > source environment. If you are interested in contributing, lets get to it > :) > > Warmest regards, > Nathan. > > -------------------------------------------------------------- > Nathaniel S. H. Brown Toll Free 1.877.4.INIMIT > Inimit Innovations Phone 604.724.6624 > www.inimit.com <http://www.inimit.com> Fax 604.444.9942 > > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >_______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
On 10/31/05, Nathaniel S. H. Brown <nshb-wgYSSEAWXinQT0dZR+AlfA@public.gmane.org> wrote:> > I am curious if there is an existing ACL system/plugin for Rails? As Rails > is essentially poised to be deployed in an application environment, I find > it quite hard to believe that this hasn''t been included at its core. > > If I am mistaken, please advise, if not, let me know how I can solve this. > I > have done some research and found RubyACL, but still requires a cross > integration into rails which requires a DB or a configuration file. > > If nothing arises, I do plan on writing something of this nature, and have > already started on the data model, but I first thought I would see if > anyone > else has a package available along these lines before I get too deep to > turn > back. Also, if nothing does exist, I wouldn''t mind any assistance making a > solid, universal ACL package for Rails which can be deployed in an open > source environment. If you are interested in contributing, lets get to it > :) > > Warmest regards, > Nathan. > > -------------------------------------------------------------- > Nathaniel S. H. Brown Toll Free 1.877.4.INIMIT > Inimit Innovations Phone 604.724.6624 > www.inimit.com <http://www.inimit.com> Fax 604.444.9942 > > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >You might also want to take a look at ActiveRbac https://activerbac.turingstudio.com/trac -- ********************************* All that is gold does not glitter. Not all those who wander are lost. The old who are strong do not whither. Deep roots are not touched by the frost. -- J.R.R. Tolkein _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
On 10/31/05, Lee Pope <leepope-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:>> > You might also want to take a look at ActiveRbac > > https://activerbac.turingstudio.com/trac >Do both ActiveRbac and ModelSecurity accomplish the groups, roles, etc stuff?
As far as I''ve seen ModelSecurity does not provide access control based on users/groups/permissions, but I suspect this should not be too difficult to add. ModelSecurity includes user registration (login, singup, forgot password, and user configuration), and access methods for controllers and models. Using ModelSecurity you can restrict access to controllers with the filters :require_login and :require_admin (these can be executed on certain actions using the parameter :only => [ :list, :show ]). Also, you can protect attributes on models with the filters: let_access (Read and Write), let_display (Read) & let_write (Write). This is the important thing in ModelSecurity; defining fine grained access to your data. You''ll have to write methods that allow/deny access to your models attributes (this is, of course, very powerful, can be really useful/dangerous). caveat: This is what I''ve seen from using ModelSecurity during a day or two; I''m no expert on ModelSecurity Ruairi PD: I''m also no expert on Security (capital "C" there), but I''ve a bit of experience in administrating crap like SiteMinder. I know access control can be a real bitch (pardon my French). I''d like to see this Problem (capital "P") solved in a "standard" manner in rails (be it a generator). It''s not an easy problem to solve though: access control is usually based on business rules. Kev Jackson wrote:> Nathaniel S. H. Brown wrote: > >> I am curious if there is an existing ACL system/plugin for Rails? As >> Rails >> is essentially poised to be deployed in an application environment, I >> find >> it quite hard to believe that this hasn''t been included at its core. >> >> >> > Isn''t ModelSecurity[1] what you want? I believe it supports a full > ACL model, but I may be wrong > > [1]http://perens.com/FreeSoftware/ModelSecurity/ > > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >