Hello,

I want to allow some users to manage other user accounts, but do not want them to manage the admin account.

I have tried auth_generator, login_engine and user_engine

I am having a hard time getting this to work.
Looking for advice and help.

Thanks
Frank

Hi Frank,

I've been messing with login_engine for a day or two and it works nicely. Going from there, I think what you want is not that hard to realise.

If you create an extra field in the users table which is called e.g. maintained_by, then you can set up relations between what user-user can be maintained by what admin-user (admin-user being a user with privileges to manage other users).

Or, if it needs to be 'bigger', an extra table with a many-to-many relationship if an enduser can be maintained by more than one admin-user (but that seems like overkill).

Regards,

Gerard.

On Tuesday 03 January 2006 22:44, Frank tried to type something like:
> Hello,
>
> I want to allow some users to manage other user accounts, but do not want
> them to manage the admin account.
>
> I have tried auth_generator, login_engine and user_engine
>
> I am having a hard time getting this to work.
> Looking for advice and help.
>
> Thanks
> Frank

--
"Who cares if it doesn't do anything? It was made with our new Triple-Iso-Bifurcated-Krypton-Gate-MOS process ..."

My $Grtz =~ Gerard;
~
:wq!

Frank wrote:
> Hello,
>
> I want to allow some users to manage other user accounts, but do not
> want them to manage the admin account.
>
> I have tried auth_generator, login_engine and user_engine
>
> I am having a hard time getting this to work.
> Looking for advice and help.
>
> Thanks
> Frank

The login/user engine combo supports multiple 'roles'. There are two edit functions, one that edits the current user and one that edits a different one. It is a simple matter to assign the permission to use the one that edits other users to a 'superadmin' or 'admin' role.

--
Posted via http://www.ruby-forum.com/.

I am having trouble understanding the user_engine.
It seems if I uncheck all user permissions for a role called supervisor, the user assigned to supervisor can still create a new user.

Are there any better docs on login_engine and user_engine?

Frank

On Jan 3, 2006, at 9:03 PM, Kevin Olbrich wrote:
> The login/user engine combo supports multiple 'roles'. There are two
> edit functions, one that edits the current user and one that edits a
> different one. It is a simple matter to assign the permission to use
> the one that edits other users to a 'superadmin' or 'admin' role.

The administrator role (i.e. the one which the user engine has been told to use as admin) is 'omnipotent' - i.e. any users with this role will be able to perform all actions, no matter what the actual permissions set to it are. It's basically a 'root' user. What you probably want to do is create a *new* role for your supervisor - which will, of course, respect the permissions you assign to it.

Aside from the RDoc in the code, there is no real documentation for the user engine (or the login engine I suppose). Obviously it would be great if there was more information, and I'll work on that when I get the chance. However, docs will never be a substitute for reading (and hopefully understanding) the code...

- james

On 1/4/06, Frank Rocco <farocco@verizon.net> wrote:
> I am having trouble understanding the user_engine.
> It seems if I uncheck all user permissions for a role called supervisor,
> the user assigned to supervisor can still create a new user.
>
> Are there any better docs on login_engine and user_engine?
>
> Frank

ok,

I created a supervisor role and assigned delete_user and edit_user.

This role is allowed to delete admin.
I do not want admin to be changed or deleted by this role.

What can I do?

Frank

----- Original Message -----
From: "James Adam" <james.adam@gmail.com>
To: <rails@lists.rubyonrails.org>
Sent: Wednesday, January 04, 2006 4:57 AM
Subject: Re: [Rails] Re: best authorization?

The administrator role (i.e. the one which the user engine has been told to use as admin) is 'omnipotent' - i.e. any users with this role will be able to perform all actions, no matter what the actual permissions set to it are. It's basically a 'root' user. What you probably want to do is create a *new* role for your supervisor - which will, of course, respect the permissions you assign to it.

Aside from the RDoc in the code, there is no real documentation for the user engine (or the login engine I suppose). Obviously it would be great if there was more information, and I'll work on that when I get the chance. However, docs will never be a substitute for reading (and hopefully understanding) the code...

- james

_______________________________________________
Rails mailing list
Rails@lists.rubyonrails.org
http://lists.rubyonrails.org/mailman/listinfo/rails

You want something that is beyond the scope of the user engine, i.e. access control over specific objects. The user engine only controls which actions a particular Role can execute. However, you can control which objects can be manipulated by providing different actions for manipulating each object type. The user engine's own user-management actions will need to be overridden if you want to impose restrictions on which objects they can modify.

- james

On 1/4/06, Frank <farocco@verizon.net> wrote:
> ok,
>
> I created a supervisor role and assigned delete_user and edit_user.
>
> This role is allowed to delete admin.
> I do not want admin to be changed or deleted by this role.
>
> What can I do?
>
> Frank

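The object-level check described in the message above, layered on top of a role-to-action check, as an added example that is not part of the original thread and is not user_engine code. It is plain Ruby with hypothetical class, role and method names; the `maintained_by` field follows Gerard's suggestion earlier in the thread.

```ruby
# Added example: plain Ruby, not Rails or user_engine code.
# All class, role and field names are hypothetical.
require "set"

Role = Struct.new(:name, :permissions, :omnipotent)
User = Struct.new(:id, :login, :roles, :maintained_by)
class AccessDenied < StandardError; end

class UserManagementPolicy
  def initialize(actor)
    @actor = actor
  end

  # Action-level check: the only thing a role-to-action permission table decides.
  def action_allowed?(action)
    @actor.roles.any? { |r| r.omnipotent || r.permissions.include?(action) }
  end

  # Object-level check: which target accounts the permitted action may touch.
  def target_allowed?(target)
    return true if @actor.roles.any?(&:omnipotent)    # admin role stays 'root'
    return false if target.roles.any?(&:omnipotent)   # admin accounts are off limits
    target.maintained_by == @actor.id                 # only accounts assigned to the actor
  end

  # Call at the top of every overridden edit/delete action, before any change.
  def authorize!(action, target)
    return true if action_allowed?(action) && target_allowed?(target)
    raise AccessDenied, "#{@actor.login} may not #{action} #{target.login}"
  end

  def permitted?(action, target)
    authorize!(action, target)
  rescue AccessDenied
    false
  end
end

# Constructed sample data.
ADMIN      = Role.new("admin", Set.new, true)
SUPERVISOR = Role.new("supervisor", Set["edit_user", "delete_user"], false)
PLAIN      = Role.new("user", Set.new, false)

ROOT  = User.new(1, "root", [ADMIN], nil)
SUE   = User.new(2, "sue", [SUPERVISOR], nil)
BOB   = User.new(3, "bob", [PLAIN], 2)    # maintained by sue
CAROL = User.new(4, "carol", [PLAIN], 9)  # maintained by someone else
```

With this data the supervisor can delete `bob` but is refused for `root` and `carol`, even though the role holds `delete_user`; the refusal comes from the target check, not the permission table.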
How about using ActiveRBAC instead? I haven't used it but it has very nice documentation, which I've read, and it seems it would do what you want.

https://activerbac.turingstudio.com/trac/wiki
(follow the link to the pdf documentation - it's simple and clear)

Has anyone tried this? How does it compare with other such plugins, engines, generators?

What about this one - it seems more flexible still:
http://www.billkatz.com/authorization
but which is more mature? Which one can I just plug in and run with?