Hi, I''ve been following the discussions about roll-your-own, generators, plugins and engines with interest. I wonder how much peoples needs really vary when it comes to a login system. Right now the Rails wiki is not so helpful with a discussion of authentication in general and I would like to see the wiki improve. Perhaps the best way to start is with a list of authentication features people actually would like to have. Maybe the list will be long but if the lists exists it will make it easier for someone new to roll their own if that is the best way to go. Also the list could be fleshed out with more wiki pages describing strategies for each item. I would like to have * forgotten password emails * user roles What features do you need? Peter _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
I''ve only checked out Model Security and things I didn''t like about it: - appears to only use HTTP authentication, rather than HTML forms. - MySQL specific. Though porting to PostgreSQL et al should be trivial. - Waaay complex - lots of libs, helpers, models, views, controllers, etc. Other than that, it appears to be well done and quite capable. But I''ll probably end up using pieces of it to suit my needs. csn --- Peter Michaux <petermichaux-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Hi, > > I''ve been following the discussions about > roll-your-own, generators, plugins > and engines with interest. I wonder how much peoples > needs really vary when > it comes to a login system. Right now the Rails wiki > is not so helpful with > a discussion of authentication in general and I > would like to see the wiki > improve. Perhaps the best way to start is with a > list of authentication > features people actually would like to have. Maybe > the list will be long but > if the lists exists it will make it easier for > someone new to roll their own > if that is the best way to go. Also the list could > be fleshed out with more > wiki pages describing strategies for each item. > > I would like to have > > * forgotten password emails > * user roles > > What features do you need? > > Peter > > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >__________________________________ Yahoo! FareChase: Search multiple travel sites in one click. http://farechase.yahoo.com
The model security can use html forms... Just click on cancel when the box
comes up from the HTTP auth.
I think it''s a great idea to set up a list of desired features
I think that in addition to the forgotton password email and user roles,
there is also a need to have the ability to either extend, or dynamically
assign associations and fields to the user model without
overwriting/modifying the code for the system. I want to be able to
associate users with other objects in the app without changing the
user.rbfile in the login system. Login Engine does this presently.
Also a feature to allow certain roles to perform certain actions on the user
(or a sub-set of users) via a config option. This option may mean that a
seperate Admin interface is not required. Not sure how this would work
though, especially if your an admin, and therefore you can access every
user, but the manager role option below is read first and so limits your
options...
ie.
config :allow_user_actions
:actions
=>[''list'',''edit'',''show''],
:required_role => [''Manager''],
:on_users => "department = #{curren_user.department}"
config :allow_user_actions
:actions =>[:all],
:required_role => [''Admin],
:on_users => :all
A filter for the a controller that sets the role required for actions.
Of course whatever system is put up, they should agree on the basic method
names and where each of these methods is available and applied...
current_user
login_required
role_required
roles_allowed (maybe multiple roles should have access to the list of
actions)
has_role
etc
Just a couple of thoughts...
On 11/12/05, CSN
<cool_screen_name90001-/E1597aS9LQAvxtiuMwx3w@public.gmane.org>
wrote:>
>
> I''ve only checked out Model Security and things I
> didn''t like about it:
>
> - appears to only use HTTP authentication, rather than
> HTML forms.
> - MySQL specific. Though porting to PostgreSQL et al
> should be trivial.
> - Waaay complex - lots of libs, helpers, models,
> views, controllers, etc.
>
> Other than that, it appears to be well done and quite
> capable. But I''ll probably end up using pieces of it
> to suit my needs.
>
> csn
>
>
> --- Peter Michaux
<petermichaux-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > Hi,
> >
> > I''ve been following the discussions about
> > roll-your-own, generators, plugins
> > and engines with interest. I wonder how much peoples
> > needs really vary when
> > it comes to a login system. Right now the Rails wiki
> > is not so helpful with
> > a discussion of authentication in general and I
> > would like to see the wiki
> > improve. Perhaps the best way to start is with a
> > list of authentication
> > features people actually would like to have. Maybe
> > the list will be long but
> > if the lists exists it will make it easier for
> > someone new to roll their own
> > if that is the best way to go. Also the list could
> > be fleshed out with more
> > wiki pages describing strategies for each item.
> >
> > I would like to have
> >
> > * forgotten password emails
> > * user roles
> >
> > What features do you need?
> >
> > Peter
> > > _______________________________________________
> > Rails mailing list
> > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> > http://lists.rubyonrails.org/mailman/listinfo/rails
> >
>
>
>
>
> __________________________________
> Yahoo! FareChase: Search multiple travel sites in one click.
> http://farechase.yahoo.com
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>
_______________________________________________
Rails mailing list
Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
http://lists.rubyonrails.org/mailman/listinfo/rails
--- Liquid <has.sox-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> The model security can use html forms... Just click > on cancel when the box > comes up from the HTTP auth.I don''t want it to come up *at all*. csn __________________________________ Yahoo! FareChase: Search multiple travel sites in one click. http://farechase.yahoo.com
If you remove the On 11/12/05, CSN <cool_screen_name90001-/E1597aS9LQAvxtiuMwx3w@public.gmane.org> wrote:> > > > --- Liquid <has.sox-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > > The model security can use html forms... Just click > > on cancel when the box > > comes up from the HTTP auth. > > I don''t want it to come up *at all*. > > csnIn that case then you need to modify the User controller. remove line 108 (and any others that you can find...) http_authorize I think this should do it. __________________________________> Yahoo! FareChase: Search multiple travel sites in one click. > http://farechase.yahoo.com > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >_______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails