There are a number of good authentication frameworks for rails - has anyone developed a generic authorization framework? I''m thinking of something that included the concept of roles, mapped roles to both actions and users and could be used to wrap actions before their invocation. Extra good would be some way to check data permissions (as in, "yes you can perform the ''Edit Dog'' action but only for beagles and chessies"), but i don''t know if it''s possible to do that well in a general way. thanks. Larry -------------- next part -------------- An HTML attachment was scrubbed... URL: http://wrath.rubyonrails.org/pipermail/rails/attachments/20060304/22195e76/attachment.html
You could combine Ezra''s acl plugin with the new Edge Rails nested scopes to accomplish this. How is left as an exercise for the reader. You can learn more about the acl plugin here: http://www.brainspl.at/articles/2006/02/20/new-plugin-acl_system and the nested scope stuff here: http://blog.caboo.se/articles/2006/02/22/nested-with_scope Bob Silva http://www.railtie.net/ _____ From: rails-bounces@lists.rubyonrails.org [mailto:rails-bounces@lists.rubyonrails.org] On Behalf Of Larry White Sent: Saturday, March 04, 2006 6:07 AM To: Rails@lists.rubyonrails.org Subject: [Rails] authorization framework? There are a number of good authentication frameworks for rails - has anyone developed a generic authorization framework? I''m thinking of something that included the concept of roles, mapped roles to both actions and users and could be used to wrap actions before their invocation. Extra good would be some way to check data permissions (as in, "yes you can perform the ''Edit Dog'' action but only for beagles and chessies"), but i don''t know if it''s possible to do that well in a general way. thanks. Larry -------------- next part -------------- An HTML attachment was scrubbed... URL: http://wrath.rubyonrails.org/pipermail/rails/attachments/20060304/77294164/attachment.html
On 3/4/06, Bob Silva <me@bobsilva.com> wrote:> > You could combine Ezra''s acl plugin with the new Edge Rails nested scopes > to accomplish this. How is left as an exercise for the reader. >Thanks. My doctor said I needed more exercise. ------------------------------> > *From:* rails-bounces@lists.rubyonrails.org [mailto: > rails-bounces@lists.rubyonrails.org] *On Behalf Of *Larry White > *Sent:* Saturday, March 04, 2006 6:07 AM > *To:* Rails@lists.rubyonrails.org > *Subject:* [Rails] authorization framework? > > There are a number of good authentication frameworks for rails - has > anyone developed a generic authorization framework? > > I''m thinking of something that included the concept of roles, mapped roles > to both actions and users and could be used to wrap actions before their > invocation. > > Extra good would be some way to check data permissions (as in, "yes you > can perform the ''Edit Dog'' action but only for beagles and chessies"), but i > don''t know if it''s possible to do that well in a general way. > > thanks. > > Larry > > >-------------- next part -------------- An HTML attachment was scrubbed... URL: http://wrath.rubyonrails.org/pipermail/rails/attachments/20060304/0cf0f662/attachment.html
What Bob said ;) Actually I am working on integrating the nested with_scope stuff into my acl_system plugin. I think it looks like the best way to protect model records. I''ll let you know when its ready. -Ezra On Mar 4, 2006, at 6:59 AM, Bob Silva wrote:> You could combine Ezra?s acl plugin with the new Edge Rails nested > scopes to accomplish this. How is left as an exercise for the reader. > > > > You can learn more about the acl plugin here: > > > > http://www.brainspl.at/articles/2006/02/20/new-plugin-acl_system > > > > and the nested scope stuff here: > > > > http://blog.caboo.se/articles/2006/02/22/nested-with_scope > > > > > > Bob Silva > > http://www.railtie.net/ > > From: rails-bounces@lists.rubyonrails.org [mailto:rails- > bounces@lists.rubyonrails.org] On Behalf Of Larry White > Sent: Saturday, March 04, 2006 6:07 AM > To: Rails@lists.rubyonrails.org > Subject: [Rails] authorization framework? > > > > There are a number of good authentication frameworks for rails - > has anyone developed a generic authorization framework? > > I''m thinking of something that included the concept of roles, > mapped roles to both actions and users and could be used to wrap > actions before their invocation. > > Extra good would be some way to check data permissions (as in, "yes > you can perform the ''Edit Dog'' action but only for beagles and > chessies"), but i don''t know if it''s possible to do that well in a > general way. > > thanks. > > Larry > > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails-------------- next part -------------- An HTML attachment was scrubbed... URL: http://wrath.rubyonrails.org/pipermail/rails/attachments/20060304/b4e547a3/attachment-0001.html
Cool. Thank you. On 3/4/06, Ezra Zygmuntowicz <ezra@yakimaherald.com> wrote:> > > What Bob said ;) Actually I am working on integrating the nested > with_scope stuff into my acl_system plugin. I think it looks like the best > way to protect model records. I''ll let you know when its ready. > > -Ezra > > > On Mar 4, 2006, at 6:59 AM, Bob Silva wrote: > > You could combine Ezra''s acl plugin with the new Edge Rails nested scopes > to accomplish this. How is left as an exercise for the reader. > > > > You can learn more about the acl plugin here: > > > > http://www.brainspl.at/articles/2006/02/20/new-plugin-acl_system > > > > and the nested scope stuff here: > > > > http://blog.caboo.se/articles/2006/02/22/nested-with_scope > > > > > > Bob Silva > > http://www.railtie.net/ > ------------------------------ > > *From:* rails-bounces@lists.rubyonrails.org [ > mailto:rails-bounces@lists.rubyonrails.org<rails-bounces@lists.rubyonrails.org>] > *On Behalf Of *Larry White > *Sent:* Saturday, March 04, 2006 6:07 AM > *To:* Rails@lists.rubyonrails.org > *Subject:* [Rails] authorization framework? > > > > There are a number of good authentication frameworks for rails - has > anyone developed a generic authorization framework? > > I''m thinking of something that included the concept of roles, mapped roles > to both actions and users and could be used to wrap actions before their > invocation. > > Extra good would be some way to check data permissions (as in, "yes you > can perform the ''Edit Dog'' action but only for beagles and chessies"), but i > don''t know if it''s possible to do that well in a general way. > > thanks. > > Larry > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails > > > > _______________________________________________ > Rails mailing list > Rails@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails > > >-------------- next part -------------- An HTML attachment was scrubbed... URL: http://wrath.rubyonrails.org/pipermail/rails/attachments/20060304/a81c4742/attachment.html