Forum: Ruby on Rails require_role on a per action basis

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Mike B. (Guest)
on 2009-05-27 03:01
I am working on an app that has three roles (user, admin, business). I
have the situation where all three roles interact with the same
controller, but have access to different actions. Some actions are
authorized for 2 roles (admin, business), and others are only authorized
for one role (administrator).


Does anyone know if there is a commonly used pattern for security on a
per action basis?

What I would like to do is be able to map which roles are authorized to
call which actions and be able to call a :before_filter in my
controller.

In my head I'm thinking of something like

before_filter :authorize_action => :except [:public_action1,
:public_action2]


Thanks for any input.
BenH (Guest)
on 2009-05-27 03:38
(Received via mailing list)
Consider restful_authentication and rolerequirement
http://code.google.com/p/rolerequirement/


On May 26, 4:01 pm, Mike B. <removed_email_address@domain.invalid>
Marnen L. (Guest)
on 2009-05-27 06:01
BenH wrote:
> Consider restful_authentication

Yup. Or authlogic.

> and rolerequirement
> http://code.google.com/p/rolerequirement/

Or rails_authorization.

There are probably other plugins as well -- these are *very* common
tasks.

Best,
--
Marnen Laibow-Koser
http://www.marnen.org
removed_email_address@domain.invalid
Mike B. (Guest)
on 2009-05-27 12:42
Thanks for the links. Very appreciated. I will take a look at these
*very* common tasks.


Marnen Laibow-Koser wrote:
> BenH wrote:
>> Consider restful_authentication
>
> Yup. Or authlogic.
>
>> and rolerequirement
>> http://code.google.com/p/rolerequirement/
>
> Or rails_authorization.
>
> There are probably other plugins as well -- these are *very* common
> tasks.
>
> Best,
> --
> Marnen Laibow-Koser
> http://www.marnen.org
> removed_email_address@domain.invalid
This topic is locked and can not be replied to.