Acts_as_authenticated


#1

Hello
I have been trying a number of security/login generators recently. My
favourite so far is the Acts_as_authenticated. I like the fact that it
is only billed as a starting point and doesn’t try to do everything.

I would like to add security roles to it, so that some of my controller
actions can only be used by an admin role. Has anybody implemented this
using acts_as_authenticated as a starting point? If so, would you mind
letting me have a look at some code?

Any help would be much appreciated as I am a newbie.
Regards
Harvey


#2

Hello,
I wanted to put out a message to the rails list to see who else might be
interested in setting up a rails rich-client framework. I am working on a
Swing project with spring-rich (not my choice) but it occurred to me that
the motivations behind going with spring-rich as a technology have already
been solved by the rails API.
Some background on spring-rich: it basically takes the pluggable framework
“spring” and extends it to developing Swing (rich-client) desktop
applications. Some of the things the spring-rich framework brings to the
table are:

  1. IoC (Inversion of Control) containers (ala Struts or its own
     implementation)
  2. Data binding using whatever model you choose. For example the data
     binding framework could enable you to select an item in a grid control,
     which will fire a “rowSelected” type of event that will populate the
     text fields (or whatever fields) on a detail form.
  3. Business oriented events and hooks that allow you to implement things
     like security, login, printing, and hooks to frameworks like reporting
     systems (ala Jasper reports).

In short it allows you to build desktop applications with all of the
widgets and speed that would bring to build data-bound, report-enabled
applications without dealing with all of the plumbing behind it.

It occurred to me that Rails does these same things but does not have a
desktop (native) GUI library that it can bind to, and I suppose nor should
it really. However I think such a project would be a serious contender (if
not killer) of frameworks such as spring rich because of all the XML
configuration and jar file hell that is part of the motivation behind using
rails in the first place for web applications.

It seems that a project like this could accomplish the following:

  • Provide an abstract means to bind to one or more native GUI toolkits
  • Provide a data binding mechanism to link controllers to GUI events and
    link model objects to fields and GUI widgets.
  • Provide a stub to one or more reporting engines that would allow one to
    send models from the GUI context to report templates.
  • Provide client-specific plugin capabilities that would allow people to
    implement plugins to solve domain specific problems such as login and
    authentication.
  • Integration with a deployment strategy such as JNLP or some native
    installation mechanism (i.e. Super-pimp installer).

Future or related projects could include designers such as GUI designers and
report designers and GUI component libraries.

I know this is a long list but many feel that web applications are simply
not fast enough or powerful enough to solve certain problems that native
application features could provide. I think that although it may sound like
re-implementing VB in RoR, the problem domain holds and the problems
associated therein will remain. If nothing else, let’s help those out who
have to deal with frameworks like spring-rich.

This is an initial poll to rally interest and see how many like-minded souls
are out there. Please advise.

Best Regards,
Joe Graham
Josgraha [at] gmail [dot] com


#3

I guess you could put XUL on top of Rails and you would get something pretty
close to what you’re describing.


#4

One easy way to do sort of what you’re describing with rails as-is is
to use firefox in fullscreen mode with no toolbars. Running on
localhost rails is very fast, and if you design your app this way you
get web access and portability for free. I’m doing a project like
this right now. All it does is load up webrick (hoping for a faster
option soon) and start a customized browser.

Carl


#5

On Jan 31, 2006, at 11:39 AM, Harvey B. wrote:

using acts_as_authenticated as a starting point? If so, would you
mind
letting me have a look at some code?

Any help would be much appreciated as I am a newbie.
Regards
Harvey

Harvey-

I added acts_as_tree to the acts_as_authenticated user model. Then I
added a role column to the user database table as well as the parent_id
column required by acts_as_tree. This allows me to have a user system
with roles that inherit from each other.

What I mean is that the user role system is a tree. So the main
root superuser that you first create is the ‘root’ user or main
admin. You can then create, say, sub admins under the root user and
moderator users under the root user. Then normal users go underneath
the subadmin or moderator, however you want to refer to it. This ends
up being pretty easy to implement. If you are interested contact me
off list and I can send you parts of the app. It’s an employee review
system for the newspaper I work for. So the publisher is the head of
all. And then there are directors under him and managers under
directors and employees under managers. This way no one can see back
up the tree. Each user in the tree can only edit and view users or
content created by themselves or users underneath them in the tree.

So here is the schema for the user table to use with
acts_as_authenticated:

create_table "users", :force => true do |t|
  t.column "login", :integer, :limit => 6
  t.column "email", :string, :limit => 100
  t.column "crypted_password", :string, :limit => 40
  t.column "salt", :string, :limit => 40
  t.column "activation_code", :string, :limit => 40
  t.column "activated_at", :datetime
  t.column "created_at", :datetime
  t.column "updated_at", :datetime
  t.column "active", :boolean, :default => false
  t.column "role", :string, :limit => 20
  t.column "parent_id", :integer
  t.column "first_name", :string, :limit => 30
  t.column "last_name", :string, :limit => 30
  t.column "users_count", :integer, :default => 0, :null => false
end

Then I add acts_as_tree and any relations to the user model:

class User < ActiveRecord::Base
  has_many :reviews
  acts_as_tree :order => "role", :counter_cache => true
  # ...
end

Then I use /user/signup only for the first root user. After that, a
user with rights to create subusers has to use the add_user action:

in user_controller.rb or account_controller.rb or whatever you
named your user controller.

def add_user
  return unless request.post?
  @parent = User.find(session[:user_id])
  # build + save rather than create: children.create returns the new
  # record whether or not it saved, so "if ...create(...)" was true even
  # when validation failed.  params[:user] is mass-assigned here, so keep
  # role and parent_id out of the form's reach (attr_protected in the
  # model); otherwise the submitter can pick their own role.
  @user = @parent.children.build(params[:user])
  if @user.save
    flash[:notice] = "Thanks for signing up!"
    redirect_back_or_default :controller => 'dashboard',
                             :action => @parent.role.downcase
  end
end

Notice that I redirect back to :controller => 'dashboard', :action
=> @parent.role.downcase. The dashboard is where you manage users
beneath you, and the @parent.role.downcase is the name of an action
in the dashboard_controller that matches the role of the user. So if
the @parent.role is ‘Publisher’, they will be redirected to
/dashboard/publisher. This scheme works out great for me and is pretty
simple to set up and customize. It’s not the best if you need to have
a ton of roles but for fewer than 5-10 roles this works great.

Here is a helper method that will print out nested unordered lists
of all the users underneath your user in the tree and link to them or
whatever:

module ApplicationHelper
  # Recursively renders the users beneath +parent+ as nested <ul> lists,
  # each entry linking to that user's boss_view page.  Returns '' for a
  # leaf so the caller can always concatenate the result.
  def find_all_children(parent)
    return '' unless parent.children.size > 0
    ret = '<ul>'
    parent.children.each { |child|
      ret += '<li>'
      ret += link_to "#{child.role}: #{child.last_name}, #{child.first_name} : #{child.login}",
                     :controller => 'review', :action => 'boss_view', :id => child
      # recurse into users that have children of their own
      ret += find_all_children(child) if child.children.size > 0
      ret += '</li>'
    }
    ret += '</ul>'
  end
end
Keep in mind that this is a recursive method. If you don't set up
the counter_cache correctly in your user model it will issue a ton of
COUNT sql statements while it goes down the list of children users.
So make sure to set up a counter cache in the user model. The model
and schema above have this set up for you. Let me know how it goes. I
am thinking of adding this as an add-on to the acts_as_authenticated
but it’s actually very little code so I may just keep it simple. It’s a
bit app specific because of the roles and whatever your app needs so
keep that in mind.

Cheers-
-Ezra Z.
Yakima Herald-Republic
WebMaster
http://yakimaherald.com
509-577-7732
removed_email_address@domain.invalid
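Worked example, added here and not part of Ezra’s post or of acts_as_authenticated: a plain-Ruby stand-in for the tree model above, so the rule “each user can only edit and view users underneath them” can be run and checked without Rails. It also carries an add_user that sets role and parent_id on the server side instead of taking them from the submitted form (the action above mass-assigns params[:user] into a table that has both columns), and a nested-list helper that HTML-escapes the name fields before they are concatenated into markup (the helper above interpolates them raw). The User class, the STORE hash, the ROLE_RANK order, the sample names and every method name are assumptions.

```ruby
require 'cgi'

# Added example (not Ezra's code): in-memory stand-in for the acts_as_tree
# user model.  STORE plays the part of the users table.
class User
  STORE = {} # id => User (constructed, not a real table)

  attr_reader :id, :login, :role, :parent_id, :first_name, :last_name

  def initialize(login:, role:, parent_id: nil, first_name: '', last_name: '')
    @id = STORE.size + 1
    @login, @role, @parent_id = login, role, parent_id
    @first_name, @last_name = first_name, last_name
    STORE[@id] = self
  end

  def self.reset!
    STORE.clear
  end

  def parent
    parent_id && STORE[parent_id]
  end

  # acts_as_tree's children: everyone whose parent_id points at this user
  def children
    STORE.values.select { |u| u.parent_id == id }
  end

  # True when self sits strictly above +other+.  Walking up from +other+
  # costs one lookup per level of depth, independent of the tree's size.
  def ancestor_of?(other)
    node = other.parent
    while node
      return true if node.id == id
      node = node.parent
    end
    false
  end

  # The rule from the post: yourself, or anyone beneath you; never a peer
  # and never anyone further up.  Every edit/view action should ask this.
  def can_manage?(other)
    other.id == id || ancestor_of?(other)
  end
end

# Assumed role order, most senior first (the newspaper hierarchy above).
ROLE_RANK = %w[Publisher Director Manager Employee].freeze

# Form fields a request may fill in.  role and parent_id are deliberately
# absent: the server derives them from the acting user, so a submitted
# role=Publisher or parent_id=1 is dropped instead of mass-assigned.
ALLOWED_FIELDS = %w[login first_name last_name].freeze

# Stand-in for the add_user action: +actor+ is the logged-in user, +params+
# the submitted form hash, +role+ the role the actor picked for the new user.
def add_user(actor, params, role)
  actor_rank = ROLE_RANK.index(actor.role)
  new_rank   = ROLE_RANK.index(role)
  if actor_rank.nil? || new_rank.nil? || new_rank <= actor_rank
    raise ArgumentError, "a #{actor.role} may not create a #{role}"
  end
  safe = params.select { |k, _| ALLOWED_FIELDS.include?(k.to_s) }
               .transform_keys(&:to_sym)
  User.new(role: role, parent_id: actor.id, **safe)
end

# The nested <ul> helper from the post, with every user-controlled field
# escaped before it is concatenated into markup.
def nested_list(parent)
  kids = parent.children
  return '' if kids.empty?
  out = String.new('<ul>')
  kids.each do |c|
    label = CGI.escapeHTML("#{c.role}: #{c.last_name}, #{c.first_name} : #{c.login}")
    out << %(<li><a href="/review/boss_view/#{c.id}">#{label}</a>)
    out << nested_list(c) << '</li>'
  end
  out << '</ul>'
end

# Constructed sample tree: publisher > director > manager > employee, plus a
# second director who is the first one's peer.
def build_sample_tree
  User.reset!
  pub  = User.new(login: 'pub',  role: 'Publisher', last_name: 'Root')
  dir  = User.new(login: 'dir',  role: 'Director',  parent_id: pub.id, last_name: 'Dean')
  mgr  = User.new(login: 'mgr',  role: 'Manager',   parent_id: dir.id, last_name: 'Moss')
  emp  = User.new(login: 'emp',  role: 'Employee',  parent_id: mgr.id, last_name: 'Evans')
  dir2 = User.new(login: 'dir2', role: 'Director',  parent_id: pub.id, last_name: 'Dale')
  { pub: pub, dir: dir, mgr: mgr, emp: emp, dir2: dir2 }
end

if __FILE__ == $PROGRAM_NAME
  t = build_sample_tree
  puts t[:pub].can_manage?(t[:emp])  # true: the employee is beneath the publisher
  puts t[:dir2].can_manage?(t[:emp]) # false: other branch of the tree
  puts nested_list(t[:pub])
end
```

The ancestor walk is what the post’s counter_cache remark is really about: checking “is this user beneath me” by climbing from the target costs one parent lookup per level, whereas enumerating all descendants of the actor would touch the whole subtree on every request. The role check in add_user is an assumption about the hierarchy; the part that matters for any variant is that role and parent_id never come from the form.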


#6

Agreed on the Firefox point.

I completed a project about a month ago using this technique. Rails
with full-screen Firefox on Tablet PCs for the interface with DRb calls
to a central server as necessary. Rails-to-Rails web services might
have been a better option for the Tablet-to-Server communications in
hindsight, but it worked fine. Out-of-the-box Firefox with AutoHide
launching on boot-up. Couldn’t have been more simple.

-Brasten


#7

Joseph,

My first post here so take it easy on me :)

I come from the world of Java and have done a couple (smallish)
spring-rich based projects. Here’s just a couple of comments in no
particular order:

  • spring-rich/Java doesn’t have to be jar hell, just use the right
    build tool (ahem, maven, ahem, or ivy as that’s what the spring project
    has apparently chosen)

  • spring/spring-rich configuration isn’t that bad, presuming they’ve
    finally documented some of the magic component names you need to provide
    implementations of.

  • for many application problems does Ruby/Rails+Ajax provide a better
    solution than thicker RCP? I’ve been quite impressed with the ease of
    using Ajax within Rails apps.

That said, I too have thought about how compelling a Rails/RCP framework
could be. There’s always the tcl/tk bindings for GUI ;)

Cheers,
DD


#8

Build the front end with XUL runner
http://developer.mozilla.org/en/docs/XULRunner

XULRunner is a single “gecko runtime” installable package that can be
used to bootstrap multiple XUL+XPCOM applications that are as rich as
Firefox and Thunderbird. It will provide mechanisms for installing,
upgrading, and uninstalling these applications.

Build the back end with RoR and WEBrick and run it on the local
machine. Use HTTP to talk to it.

The big advantage to XUL runner is that a year from now Firefox will
be a XUL runner app too. That means that anyone who is running
Firefox will already have your GUI run-time installed.

On 1/31/06, Joseph G. removed_email_address@domain.invalid wrote:

installation mechanism (i.e. Super-pimp installer).
You can already get all of this with XUL runner. Note that the
components in XUL ( http://xulplanet.com/references/objref/ ) can be
controlled by any language with XPCOM bindings. That includes C, C++,
Javascript, Java, Python. You don’t have to build everything with
Javascript.

You could even use Ruby to control XUL if someone wrote the XPCOM
bindings for it. It’s not very hard to do. It looks like someone has
already started: http://rbxpcom.mozdev.org/


Jon S.
removed_email_address@domain.invalid


#9

On 1/31/06, David M. removed_email_address@domain.invalid wrote:

Unfortunately rbxpcom seems to have died - there’s been no updates for
4 1/2 years, and it’s stuck on version 0.0.4, which doesn’t look that
promising.

It shouldn’t be too hard to fix it up. XPCOM hasn’t changed in four
years either. Or start again from scratch. It is only a few days work
to write XPCOM bindings for Ruby. But you do need to know C in order
to do it.


Jon S.
removed_email_address@domain.invalid


#10

Are there command-line parameters for launching firefox this way? I’m
only in the initial stages of this project so we haven’t yet figured
out how to do this. I wrote a quick sample app with a mozilla activex
control in it to accomplish the same thing, but it would be great to
be able to use an as-is version of firefox and have it load
automatically in fullscreen mode.

Thanks,
Carl


#11

Unfortunately rbxpcom seems to have died - there’s been no updates for
4 1/2 years, and it’s stuck on version 0.0.4, which doesn’t look that
promising.

Regards

Dave M.


#12

I ended up using this Autohide plugin:
http://www.krickelkrackel.de/autohide/autohide.htm

Once that’s installed, you can run firefox.exe -fullscreen. There will
be a couple seconds where Firefox pops up, maximizes and the various
tool bars disappear, but if that’s not a problem then it’s a pretty
decent solution.

I have been unable to get it working on the latest Firefox patch for
some reason (1.5.0.1), but 1.5 should work.

-Brasten


#13

Nice kiosk extension. I went looking for something exactly like that a
few months ago and was unable to find anything. Thanks for the tip!

-Brasten

#14

On 2/1/06, Brasten S. removed_email_address@domain.invalid wrote:

I ended up using this Autohide plugin:
http://www.krickelkrackel.de/autohide/autohide.htm

Once that’s installed, you can run firefox.exe -fullscreen. There will
be a couple seconds where Firefox pops up, maximizes and the various
tool bars disappear, but if that’s not a problem then it’s a pretty
decent solution.

For a more advanced solution you could take the standard Mozilla
chrome and edit it to startup full screen instead of windowed. Then
start moz/firefox with firefox -chrome chrome://your edited UI.

There are also kiosk mode extensions like this one:
https://addons.mozilla.org/extensions/moreinfo.php?application=firefox&category=Kiosk%20Browsing&numpg=10&id=1659


Rails mailing list
removed_email_address@domain.invalid
http://lists.rubyonrails.org/mailman/listinfo/rails


Jon S.
removed_email_address@domain.invalid