There are a number of good authentication frameworks for rails - has
anyone
developed a generic authorization framework?
I’m thinking of something that included the concept of roles, mapped
roles
to both actions and users and could be used to wrap actions before their
invocation.
Extra good would be some way to check data permissions (as in, “yes you
can
perform the ‘Edit Dog’ action but only for beagles and chessies”), but i
don’t know if it’s possible to do that well in a general way.
thanks.
Larry
You could combine Ezra’s acl plugin with the new Edge Rails nested
scopes to
accomplish this. How is left as an exercise for the reader.
You can learn more about the acl plugin here:
http://www.brainspl.at/articles/2006/02/20/new-plugin-acl_system
and the nested scope stuff here:
http://blog.caboo.se/articles/2006/02/22/nested-with_scope
Bob S.
http://www.railtie.net/
From: [email protected]
[mailto:[email protected]] On Behalf Of Larry W.
Sent: Saturday, March 04, 2006 6:07 AM
To: [email protected]
Subject: [Rails] authorization framework?
There are a number of good authentication frameworks for rails - has
anyone
developed a generic authorization framework?
I’m thinking of something that included the concept of roles, mapped
roles
to both actions and users and could be used to wrap actions before their
invocation.
Extra good would be some way to check data permissions (as in, “yes you
can
perform the ‘Edit Dog’ action but only for beagles and chessies”), but i
don’t know if it’s possible to do that well in a general way.
thanks.
Larry
On 3/4/06, Bob S. [email protected] wrote:
You could combine Ezra’s acl plugin with the new Edge Rails nested scopes
to accomplish this. How is left as an exercise for the reader.
Thanks. My doctor said I needed more exercise.
What Bob said 
Actually I am working on integrating the nested
with_scope stuff into my acl_system plugin. I think it looks like the
best way to protect model records. I’ll let you know when its ready.
-Ezra