I'd like to announce my very first plugin: RESTful_Acl

= What it does

RESTful_Acl is a simple access control layer; it allows you to restrict access on a fine-grained level to any RESTful MVC stack. While the ACL structure and engine are provided by this plugin, the implementation is fully up to the user. Every application is different and everyone likes to set up their User / Account / Role resources differently; this plugin will allow you to do your thing and keep that thing locked down.

The full write up and source can be found at: http://code.google.com/p/restful-acl/

Thoughts and suggestions are welcome!

--
Posted via http://www.ruby-forum.com/.

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en

Thanks Matt!

It would be great if the instructions would cover a bit more how to use it. I'm just fighting with it.

undefined local variable or method `error_url' is the error I have now. And I only added before_filter :has_permission? to one controller. I'm not so experienced with RoR but anyway...

Regards

> undefined local variable or method `error_url' is the error I have now.
> And I only added before_filter :has_permission? to one controller. I'm
> not so experienced with RoR but anyway...

It seems as though you're using the first revision of RESTful_ACL that expected a few named routes to exist. I've taken these requirements out in the latest versions, so if you update the plugin you should be ready to roll right away.

    ./script/plugin remove http://restful-acl.googlecode.com/svn/tags/restful_acl
    ./script/plugin install http://restful-acl.googlecode.com/svn/tags/restful_acl

Hope this helps and thanks for checking out RESTful_ACL!

Hi,

As part of another topic you were asking for suggestions/comments about the plugin documentation.

This post: http://www.ruby-forum.com/topic/144456#new

I started looking at it but decided to put it away since I'm not so experienced. I hope you could make some example about how to use it and integrate it to a simple app.

The contents of the readme are pasted below (not much help there)

---------

RestfulAcl
=========

Introduction goes here.


Example
======

Example goes here.

---------

Then the other piece of info is in google code: http://code.google.com/p/restful-acl/

But again that's for experienced people. What kind of user model is needed, role model? Again a simple example would be much more helpful.

>> undefined local variable or method `error_url'

That was the first problem I had. Besides not knowing how to get the plugin in the first place since you assume that people know how to add the repository before installing. I didn't so I had to ask again.

Still the error_url was not fixed. Now based on some other info from the last days it might be that I just need to create an "error" route in the routes file and that's what you are calling. But still it requires some further additions.

Part of your documentation is "and a smattering of mapped URLs in order to work." Well, that's something I would really elaborate a "bit" more.

Of course you can target your plugin to people with a lot of experience but I'm sure many people will look at the info available before deciding to try it out.

I guess this is some feedback already 8-)

Cheers!

comopasta Gr wrote:
> Hi,
>
> As part of another topic you were asking for suggestions/comments about
> the plugin documentation.
>
> This post: http://www.ruby-forum.com/topic/144456#new
>
> I started looking at it but decided to put it away since I'm not so
> experienced.
> I hope you could make some example about how to use it and integrate it
> to a simple app.
>
> The contents of the readme are pasted below (not much help there)
>
> ---------
>
> RestfulAcl
> =========
>
> Introduction goes here.
>
>
> Example
> ======
>
> Example goes here.
>
> ---------
>
> Then the other piece of info is in google code:
> http://code.google.com/p/restful-acl/
>
> But again that's for experienced people. What kind of user model is
> needed, role model? Again a simple example would be much more helpful.
>
>>> undefined local variable or method `error_url'
> That was the first problem I had. Besides not knowing how to get the
> plugin in the first place since you assume that people know how to add
> the repository before installing. I didn't so I had to ask again.
>
> Still the error_url was not fixed. Now based on some other info from the
> last days it might be that I just need to create an "error" route in the
> routes file and that's what you are calling. But still it requires some
> further additions.
>
> Part of your documentation is "and a smattering of mapped URLs in order
> to work." Well, that's something I would really elaborate a "bit" more.
>
> Of course you can target your plugin to people with a lot of experience
> but I'm sure many people will look at the info available before deciding
> to try it out.
>
> I guess this is some feedback already 8-)
>
> Cheers!

Good point about the readme file; I will update that with the contents from the Google repository.

The write up says that this plugin expects that you are using the RESTful_Authentication plugin; it creates the User model for you and also supplies other needed methods.

All you need to do is add the before_filter to the User controller and the four CRUD functions to the User model and RESTful_ACL is ready to work. Just follow the steps in the Google write up and you'll be up and running in seconds.

The write up now includes directions on how to add the required named routes to your routes.rb file.

Experience is all relative; I'd only used RoR for a few months at the time of writing RESTful_ACL :)

Thank you for the feedback and I hope this will help!

Hi,

excellent! I'll give it a try and see how it goes after I finish some stuff. I'm learning every minute 8-)

Thanks.

Hello,

Sorry if my question looks stupid but I am quite new with RoR. I am looking at an ACL plugin for my projects (I have already decided for Restful_Authentication) and I have a question about restful_acl.

Let's say that I have 2 roles, teachers and students, and a note model. A teacher can create, update, view, delete his notes (not the one from another teacher) and a student can only see his notes.

If I understood correctly, in note.rb (my model) I need to define the 4 methods described in the plugin documentation (is_updatable, is_deletable, ...). But I am not sure how to write these methods to restrict the access depending on the note I am "evaluating" and not only the role?

    # note should be updatable only by the teacher who created it
    def is_updatable_by(user)
      user.is_teacher? and ?????
    end

    # note should be readable only by all the teachers or by the student who has this note
    def self.is_readable_by(user, object = nil)
      user.is_student? or user.eql?(object.author)
    end

Thanks very much for your help.

Additional question: why are some of the methods "self." and not the others?

On 29 Mar 2008, at 09:59, Tranquiliste wrote:
> # note should be updatable only by the teacher who created it
> def is_updatable_by(user)
>   user.is_teacher? and ?????
> end

Given you have a relationship

    belongs_to :owner, :class_name => "Teacher", :foreign_key => "owner_id"

    def is_updatable_by(user)   # note should be updatable
      user.is_teacher? and self.owner == user
    end

Best regards

Peter De Berdt

Tranquiliste wrote:
> # note should be updatable only by the teacher who created it
> def is_updatable_by(user)
>   user.is_teacher? and ?????
> end
>
> # note should be readable only by all the teachers or by the student who has this note
> def self.is_readable_by(user, object = nil)
>   user.is_student? or user.eql?(object.author)
> end
>
> Thanks very much for your help.
> Additional question: why are some of the methods "self." and not the
> others?

Hi Tranquiliste, thanks for using RESTful_ACL! To answer your questions:

To restrict editing of a Note to only the Teacher who created it I would do (in Note)

    belongs_to :author, :foreign_key => 'created_by_id', :class_name => 'Teacher'

    def is_updatable_by(user)
      user.eql?(author)
    end

    def self.is_readable_by(user, object = nil)
      user.is_teacher? || object.student_id == user.id
    end

When you say 'note should be readable by the student who has this note' I've assumed that you're linking each Note with a Student in some fashion.

As for your last question: the is_readable_by and is_creatable_by methods are class methods, meaning that they operate at the class level and not with just a single object. (Note instead of note, if you get my drift). That's where the 'self' comes into play.

Thanks both of you for the answers. I am going to look at them.

Nicolas

Hello,

Sorry to bother you again but what if several teachers can modify the note and a teacher can modify several notes? (which means we have a model note-owner?)

Tranquiliste wrote:
> Thanks both of you for the answers. I am going to look at them.
>
> Nicolas

Tranquiliste wrote:
> Hello,
>
> Sorry to bother you again but what if several teachers can modify the
> note and a teacher can modify several notes? (which means we have a
> model note-owner?)
>
> Tranquiliste wrote:

In Note.rb:

    def is_updatable_by(user)
      user.eql?(author) || user.is_a?(Teacher)
    end

> In Note.rb:
> def is_updatable_by(user)
>   user.eql?(author) || user.is_a?(Teacher)
> end

Thanks again, but in my case not all the teachers can modify the note, only those who have been authorized.

On 30 Mar 2008, at 09:21, Tranquiliste wrote:
>> In Note.rb:
>> def is_updatable_by(user)
>>   user.eql?(author) || user.is_a?(Teacher)
>> end
>
> Thanks again, but in my case not all the teachers can modify the note,
> only those who have been authorized.

A bit of common sense could take you a long way:

    def is_updatable_by(user)
      user.eql?(author) || (user.is_a?(Teacher) && user.is_authorized?)
    end

Replace the is_authorized? method with something else if you want, maybe something that has a bit more logic behind it...

Best regards

Peter De Berdt

Sorry I am stupid, I have just understood something (I won't tell you what because I will look even more stupid), and I think I am ready now to do what I want.

Thanks again for your help

Nicolas

Hello,

Me again, because I don't understand why the is_readable_by method is defined as a class method. If I have a class Invoice and someone asks to view an invoice, it should call @invoice.is_readable_by(current_user) and not a generic Invoice.is_readable_by(current_user).

Would you mind explaining this choice?

Thanks very much

Nicolas

Tranquiliste wrote:
> Hello,
>
> Me again, because I don't understand why the is_readable_by method is
> defined as a class method. If I have a class Invoice and someone
> asks to view an invoice, it should call
> @invoice.is_readable_by(current_user) and not a generic
> Invoice.is_readable_by(current_user).
>
> Would you mind explaining this choice?
>
> Thanks very much
> Nicolas

Sure thing. The is_readable_by() method pulls double duty. It is a class method as it supports the Object::index action, along with the Object::show action. Since the index action usually deals with a collection of objects, it must be a class method.

The method includes a parameter variable, object, that can represent a singular object when checking access on that singular object. This takes care of the Object::show action (that normally deals with just one object).

In your case, if you want to check access on a singular invoice object, you can do: Invoice.is_readable_by(current_user, @invoice).

Hope this helps!

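Added example, not part of the thread and not RESTful_ACL's own code: a plain-Ruby sketch of the two checks discussed above, with update rights granted per note rather than per role, and is_readable_by handling both the index call (object = nil) and the show call. The User and Note stand-ins, the editor_ids list (a stand-in for a note/teacher join table), the readable_for helper and all sample data are assumptions made for this illustration.

```ruby
# Added illustration in plain Ruby (no Rails, no plugin code). All names
# and data below are assumptions constructed for this example.
User = Struct.new(:id, :role) do
  def is_teacher?; role == :teacher; end
  def is_student?; role == :student; end
end

class Note
  attr_reader :author_id, :student_id, :editor_ids

  # editor_ids stands in for a hypothetical note/teacher join table.
  def initialize(author_id:, student_id:, editor_ids: [])
    @author_id  = author_id
    @student_id = student_id
    @editor_ids = editor_ids
  end

  # Instance method: an update always targets one specific note.
  # Deny by default; allow the author or a teacher granted on THIS note.
  def is_updatable_by(user)
    return false if user.nil? || !user.is_teacher?
    user.id == author_id || editor_ids.include?(user.id)
  end

  # Class method: object is nil for index, the record for show.
  def self.is_readable_by(user, object = nil)
    return false if user.nil?
    return true if user.is_teacher?
    return user.is_student? if object.nil?   # index: listing is scoped below
    user.is_student? && object.student_id == user.id
  end

  # Passing the index check does not filter rows; scope the collection too.
  def self.readable_for(user, notes)
    notes.select { |note| is_readable_by(user, note) }
  end
end

# Constructed sample data.
ALICE = User.new(1, :teacher)    # author of both notes
BOB   = User.new(2, :teacher)    # granted edit rights on the first note only
CAROL = User.new(3, :teacher)    # teacher with no grant
DAN   = User.new(10, :student)   # the first note is about DAN
NOTES = [
  Note.new(author_id: 1, student_id: 10, editor_ids: [2]),
  Note.new(author_id: 1, student_id: 11)
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "Bob updates note 1:   #{NOTES[0].is_updatable_by(BOB)}"
  puts "Carol updates note 1: #{NOTES[0].is_updatable_by(CAROL)}"
  puts "Dan reads note 2:     #{Note.is_readable_by(DAN, NOTES[1])}"
  puts "Dan's listing size:   #{Note.readable_for(DAN, NOTES).size}"
end
```

The index-level check only decides whether the listing may be reached at all; the rows shown still have to be filtered per record, which is what readable_for does here.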