Forum: Ruby on Rails Fine grained access control

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Jonathan V. (Guest)
on 2006-02-14 14:33
Hi,

I'm building an application which is going to require quite fine grained
access control. Deciding if a user is allowed to access an action will
probably require checking quite number of different rules, so a simple
role-based system won't be flexible enough.

The approach I think I will try first is, if it's possible, to ignore
permission issues inside the actions. I think this may be achievable by
using quite a complicated before_filter to decide if the current user is
allowed to execute this action with the given parameters.

Anyway, if anyone could lend a bit of their experience, or possibly even
better, recommend some resources which cover building larger permissions
systems (books, articles etc...) I'd be very grateful.

Thanks, Jonathan.
AC Green (Guest)
on 2006-02-14 15:59
> Anyway, if anyone could recommend some resources which cover building larger permissions 
systems (books, articles etc...) I'd be very grateful.

Ditto.

I discovered what we are talking about is known as RBAC : Role-Based
Access Control.  There are several discussion at Sitepoint on the topic.

Regards

Tony Green
Ben M. (Guest)
on 2006-02-15 05:26
(Received via mailing list)
AC Green wrote:
> Tony Green
>
Bruce P. wrote a RBAC called ModelSecurity. It's available as a gem:

gem install model_security

Here's the site:

http://perens.com/FreeSoftware/ModelSecurity/Tutorial.html

b
Ben M. (Guest)
on 2006-02-15 05:29
(Received via mailing list)
Ack... a bit tired... that should be "gem install
model_security_generator".
Jean-Christophe M. (Guest)
on 2006-02-16 15:51
(Received via mailing list)
AC Green a écrit :
>>Anyway, if anyone could recommend some resources which cover building larger permissions 
systems (books, articles etc...) I'd be very grateful.
>
> I discovered what we are talking about is known as RBAC : Role-Based
> Access Control.  There are several discussion at Sitepoint on the topic.

See https://activerbac.turingstudio.com/
It implements RBAC for rails.
This topic is locked and can not be replied to.