Greeting. I was wondering if anyone is using AOP (Aspect Oriented Programming) to ensure login and authentication before allowing someone access to controllers and models. I found two versions of RCR 321 that discuss cut-based AOP, but as far as I can tell there isn't an implementation of the RCR as an AOP framework. Additionally, I tried to dig up information on Aspect4r and AspectR. Aspect4r is a no-who. Aspect4 is out on SourceForge, but it doesn't appear to be an active project. The problem I want to solve is eleminating boiler-plate code from controllers and models that ensures a user is logged in and has rights to access a controller or model. This has to be a problem others are confronting and have already solved. What approach is usually used? Does the Salt Login engine do this? Does anyone use AOP?
on 2006-03-01 21:40
on 2006-03-01 21:49
Cody S. wrote: "Aspect4r is a no-who." DOH! Make that "Aspect4r is a no-show" :o)
on 2006-03-01 23:02
As I understand AOP, using :before_filter to "drop in" user authentication is a classic case of AOP in action. This is a common approach to that specific task; it redirects your app to a block of code whenever a controller is accessed. Similarly, using :after_filter to "drop in" logging would be another case of following AOP practices in Rails. It's probably not as common as before_filter authentication, but I suspect a lot of people are implementing logging in this fashion. Authentication and logging are the two classic use cases for AOP, although there's obviously many others. However, I'd say support for AOP is built into Rails via :before_filter and :after_filter, is widely used, and there's (possibly) no need to look at external AOP/Ruby libraries for many/most AOP-style requirements. Does this answer your question? Regards Dave M.
on 2006-03-01 23:43
Yes it does. That isn't a lot of code to add to a controller for the functionality you get, and it just adds one more reason to love RoR. :o)