similar to: Membership Management System Plugin/Gem?

Hi, I''m building an application which is going to require quite fine grained access control. Deciding if a user is allowed to access an action will probably require checking quite number of different rules, so a simple role-based system won''t be flexible enough. The approach I think I will try first is, if it''s possible, to ignore permission issues inside the

Hiall, I would be very interested in your opinions on the ModelSecurity plugin by Bruce Perens. http://perens.com/FreeSoftware/ModelSecurity/Tutorial.html Some time ago, I read on a few pages that it is the way to go, on this list however, I didn''t read much about it. Apart from it''s security level, quoted from comments in source code: # FIX: At the moment we only support

How to carry out log in, whether that is we enter a login and the password and it is checked is in a database? -- Posted via http://www.ruby-forum.com/.

I want to setup an api for my web app, but i had a few question on the best way to do this. I was hoping for some input from you experienced individuals and rails rock stars. 1) Is there a way to implement a login in feature so that api methods cant be called without proper authorization? This is so i can log activity and use of the api from different people and so -------------- next part

I just saw a mention here of LoginEngine, which I hadn''t heard of before. Last week when I was digging for user-account sample code for my web-app, I instead found the LoginGenerator and started using that: http://wiki.rubyonrails.com/rails/pages/LoginGenerator Is one of these preferred over the other? From skimming the API docs, it does seem that LoginEngine has more features,

I''d like to always add a condition to any version of "find" (e.g. Thing.find(), Thing.find_by_name(), Thing.find_by_whatever) so that in addition to whatever conditions are set, an additional condition is set :conditions=>"user_id=#{current_user.id}" I''d like to make sure that a user only sees/edits/creates entries in the database that have the user_id

Hi all, I''m posting this in the hope that someone who understands rails dependencies can shed some light. I''ve implemented a "ModelSecurity" module in the vein of Bruce Peren''s old ModelSecurity plugin (http://rubyforge.org/projects/model- security/). My ModelSecurity module lives in $RAILS_ROOT/lib. It is automatically included into ActiveRecord::Base by a

I''m trying to install Bruce Perens'' ModelSecurity gem, but it keeps asking me if I want to install rails too (I have already installed rails). It exits if I say no and crashes if I say yes: C:\>"c:\ruby\bin\ruby.exe" "c:\ruby\bin\gem" install model_security_generator Attempting local installation of ''model_security_generator'' Local gem

Does anyone know a way to restrict access to specific columns in the model to specific users? My plan was to use the session hash to check the permissions of the logged in user in an overridden method of the same name as the model accessor I wanted to restrict, but the model can''t acecss the session. Any other ideas? -- Posted via http://www.ruby-forum.com/.

Hi I am happy to announce the 0.3.1 release of ActiveRBAC Engine. The biggest improvement on the 0.3 release is that it runs with Rails 1.1 now. Get your personal copy now from https://activerbac.turingstudio.com/releases :) There is a manual PDF with a tutorial available at https://activerbac.turingstudio.com/releases/ActiveRbacManual.pdf which is also included in the full

Hi group, I was wondering if anyone more experienced could help me to find a good pattern for two things: 1. How to group controllers. Example: We have an admin panel with: user_managment_controller.rb priv_managment_controller.rb widget_controller.rb User panel with: mystuff_controller.rb mytags_controller.rb profile_controller.rb And frontend with: widget_controller.rb etc... How do I group

Hi I have just released the 0.3 revision of ActiveRecord - make sure to get the fresh, hot packages from https://activerbac.turingstudio.com/releases What is ActiveRBAC? ------------------- ActiveRBAC is a Ruby on Rails library that provides a full stack RBAC (Role Based Authorization) system with user, group, role and permission management. It provides models and controllers to edit

there is a blog about it http://www.realityforge.org/articles/2005/11/12/aaa_in_rails There are so many Authentication/Authorization/Auditing generators now, just like the situation in java''s world, Too many components doing the samething just make me confusion. Why not add one to rails core lib and everybody can extend it for their requirement ? -- Posted via

I''ve just put a new Ruby On Rails application up for testing at: <http://rtest.openprofile.net> Open Profile can be used as a login and user profile module for any Ruby On Rails application. Its purpose is to minimize the hassle of joining new web forums (or anything else on the web that requires you to enter a user name, email addres, password twice, etc.). If it''s

Hi all I have a Model like this: class Member < ActiveRecord::Base attr_accessible :username, :email, :first_name, :last_name end I have created a scaffold using script/generate scaffold member members Using the URL localhost:3000/members/edit/1 I can edit all attributes, including created_at, lock_version etc.! But it should only show the attributes I listed in attr_accessible! What

Hello, I want to allow some users to manage other user accounts, but do not want them to manage the admin account. I have tried auth_generator, login_engine and user_engine I am having a hard time gettign this to work. Looking for advise and help. Thanks Frank -------------- next part -------------- An HTML attachment was scrubbed... URL:

Hi, I just finished writing this plug-in. I''ve been using rails for awhile but this is my first time extracting some code and writing it as a plug-in and I''d love to hear to some feedback. Thanks. http://mitchellhashimoto.com/rails/role-based-access-control-plug-in-for-rails/ -Mitchell -- Posted via http://www.ruby-forum.com/.

I am a the point now where I have to add user authentification to my application. Anyone can point me toward an easy to use / secure library? I know about ActiveRBAC and was wondering if there is anything else that I should consider. Thanks! -- Posted via http://www.ruby-forum.com/.

Modelsecurity aims to provide access control within the data model so that it becomes easy & efficient to specify read or write access to individual fields. It has one of those "why didn''t I think of that?" designs which make a lot of sense. Has anyone else tried using the latest release of ModelSecurity? What has been your experience? Home

How''s the experience with using ActiveRBAC? For my "next 4 days with rails" :P I''d like to consider adding Role-based access to the To-Do List application in the original "four days w/ rails" tutorial. Just wondering if ActiveRBAC would be a good place to start? Thanks! For those who are wondering: https://activerbac.turingstudio.com/trac Cheers Mohit.