[ANN] acl_system plugin first look



Here is another plugin hot off the presses of the three day weekend :wink: It's a role based authorization system. I have been talking with Bill K. about this system so it ties in with his recent announcement as well. It's just my implementation.

It's an acl/role type system that can sit on top of the acts_as_authenticated login system or any login system that implements a few requirements. You just need to make a roles table in your db that habtm your User or account model. And you need to have a controller method 'current_user' that returns the currently logged in user. The acts_as_authenticated plugin already implements this and this is what this implementation is built on top of, but it can be used with any user authentication system that has the two features mentioned above.

Let's see the candy here first. This is what it looks like to use this to protect your controller actions using roles and & | ! to define complex permissions.

class PostController < ApplicationController

  before_filter :login_required, :except => [:list, :index]

  access_control [:new, :create] => '(admin | user | moderator) & !
                 [:update, :delete] => '(admin | moderator) & !blacklist',
                 :approve => 'admin & (!moderator | !blacklist)'

  # rest of controller actions

end


And then we have a controller/view helper that can be used to build conditional menus and such:

<% if permit?("(admin | moderator) & !blacklist", current_user) %>
<%= link_to "Admin & Moderator only link", :action => 'foo' %>
<% end %>

In the permissions logic strings you can use as many nested parens and logic as you want to define what roles have permissions to access which action. The plugin contains a small recursive descent parser to parse the permissions logic strings. If you want application wide protection for certain actions then you can put this in the application.rb. The one thing to remember is to put the access_control macro after the login_required before filter. This plugin is for authorization and assumes that the user is already logged in.

Here is a link to the announcement on my blog where I go into more detail about how to use this in your applications:

The main goal of this implementation is to be as lightweight and as non-imposing as possible. It does what it does and gets out of your way. Right now it only works for protecting your controller actions. I am working on the next version that has a similar protection scheme for protecting specific model records with similar permissions flexibility. I will release this part very soon.

I appreciate any feedback that anyone has about this system. It works well for me in the app that I built it for and I am eager to get more feedback to further improve things. You can get it from svn:



script/plugin install http://opensvn.csie.org/ezra/rails/plugins/dev/


-Ezra Z.
Yakima Herald-Republic
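
The announcement above says the plugin parses its permission strings with a small recursive descent parser. As an added illustration (not the plugin's code and not from its author), here is one way such an evaluator can be written in Ruby. The names RoleExpr and role_permit?, the operator precedence (! first, then &, then |), passing roles as a plain array of names, and denying access on a malformed rule are all assumptions of this example.

```ruby
# Added example, not the plugin's code. Assumed grammar, '!' binding tightest:
#   expr   := term ('|' term)*
#   term   := factor ('&' factor)*
#   factor := '!' factor | '(' expr ')' | ROLE
class RoleExpr
  class ParseError < StandardError; end

  def initialize(rule, roles)
    @tokens = rule.scan(/[()&|!]|\w+|\S/) # any other symbol becomes a bad token
    @roles  = roles.map(&:to_s)           # role names held by the current user
  end

  def evaluate
    value = expr
    raise ParseError, "trailing #{@tokens.first.inspect}" unless @tokens.empty?
    value
  end

  private

  def expr
    value = term
    value = term || value while accept('|') # right side is always parsed
    value
  end

  def term
    value = factor
    value = factor && value while accept('&')
    value
  end

  def factor
    token = @tokens.shift
    case token
    when '!' then !factor
    when '('
      value = expr
      raise ParseError, "missing ')'" unless accept(')')
      value
    when /\A\w+\z/ then @roles.include?(token)
    else raise ParseError, "unexpected #{token.inspect}"
    end
  end

  def accept(symbol)
    @tokens.shift if @tokens.first == symbol
  end
end

# Fail closed: a rule that does not parse denies access.
def role_permit?(rule, roles)
  RoleExpr.new(rule, roles).evaluate
rescue RoleExpr::ParseError
  false
end
```

A rule that is cut off after an operator, for example one ending in `& !`, does not parse and is therefore denied for every user instead of being read as permissive.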