Forum: Ruby on Rails How to Password Protect a Controller

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Arch S. (Guest)
on 2006-03-30 09:46
Several of my models I want to password protect, so that only an admin
can enter/destroy data.  Is there an easy way to accomplish this by
password protecting controllers?
Chris C. (Guest)
on 2006-03-30 10:36
Sure, have a look to the login generator (gem install login_generator)
-, then script/generate

It's very easy to use.
Arch S. (Guest)
on 2006-03-31 11:16
Christophe G. wrote:
> Sure, have a look to the login generator (gem install login_generator)
> -, then script/generate
>
> It's very easy to use.

I tried that out, however it is exposed itself, allowing anyone to
register and therefore be an admin (if I use it that way).

What I'm trying to figure out is how to build in logic so that all the
CRUD methods are gated.
Chris C. (Guest)
on 2006-03-31 14:45
You can remove signup logic in controller.
You must see the login_generator as a tool to produce a skekelton with
basic functionnalities, but it's very clean and can easily tailored to
suit your needs.
Steve K. (Guest)
on 2006-03-31 15:20
I'm pretty happy with the login_engine/user_engine combo. LoginEngine
provides the basic signup, login and password recovery functions and
UserEngine adds simple role-based access control that you can tune down
to single actions. My baseline user privileges are pretty much identical
to a guest's. Only those who have explicitly been assigned other roles
have any privileges on protected controllers.

Shut off new-account signup entirely -- or restrict it to admins -- and
you should be all set if that's what you want.

Arch S. wrote:
> Christophe G. wrote:
>> Sure, have a look to the login generator (gem install login_generator)
>> -, then script/generate
>>
>> It's very easy to use.
>
> I tried that out, however it is exposed itself, allowing anyone to
> register and therefore be an admin (if I use it that way).
>
> What I'm trying to figure out is how to build in logic so that all the
> CRUD methods are gated.
Arch S. (Guest)
on 2006-03-31 20:52
Steve K. wrote:
> I'm pretty happy with the login_engine/user_engine combo. LoginEngine
> provides the basic signup, login and password recovery functions and
> UserEngine adds simple role-based access control that you can tune down
> to single actions. My baseline user privileges are pretty much identical
> to a guest's. Only those who have explicitly been assigned other roles
> have any privileges on protected controllers.
>
> Shut off new-account signup entirely -- or restrict it to admins -- and
> you should be all set if that's what you want.
>


I cannot find the user_engine gem.  I wanted to look at some
documentation before installing.

Anyone have a link?

Thanks.
Chris C. (Guest)
on 2006-04-01 01:36
Have a look here : http://rails-engines.org/
This topic is locked and can not be replied to.