ANN: ActiveRBAC 0.2 Released


ActiveRBAC 0.2 Released

I’m happy to announce the release of ActiveRBAC 0.2. ActiveRBAC is a
authentication and permission management library for Ruby On Rails.

ActiveRBAC is aiming to become the “standard” authentication and
authorization layer for RoR so that Engines (“Components” called
outside of RoR) can become really interchangeable since they use the
same user/permission schema.

Grab your copy now from


If you want to learn more about ActiveRBAC, visit:


[1] and [2] might be unavailable from 7pm-8pm PST today because of
server maintainance.

There is a mailing list for this project at:


Feel free to post questions, suggestions and errors there. You can
find a Trac instance for bug reporting at [2]

Changes from 0.1 to 0.2

  • ActiveRBAC supports RoR 0.14.x now (and should thus support 1.0)
  • The verify_block macro has been removed. Use a before_filter
    instead. The minicms-roles and minicms-permissions contain examples
    of this.
  • ActiveRBAC can now be configured using config/
    active_rbac_configuration.rb. This configuration file is loaded on
    every request in developer modes so changes are instant.
  • The rbac_railfix file has been moved to a plugin where mixins belong.
  • The user schema adds a “password_salt” field and passwords are
    salted now. This breaks compatibility with data from 0.1 since
    passwords are hashed in an incompatible way (hash(password + salt)
    instead hash(password)). We suggest you to notify your customers (if
    you are using 0.1 in production already) per email. Resetting their
    password is no problem with ActiveRBAC’s interface.
  • The idiosyncratic differentiation of actions (e.g.
    “confirm”-“acknowledge”) has been removed in RegistrationController
    and LoginControlle. Actions are considered the same now and "confirm
  • GET" is old “confirm” and “confirm + POST” is “old aknowlegde”.
  • Added some HOWTOs, general documentation update.
  • Added “permissions” derivation of “minicms” to demonstrate the
    usage of permissions.
  • Moving User::STATES to User.states (constant => method) so it can
    be overridden easier.

Future Plans

“Rails Engines” is striving for world domination and ActiveRBAC will
join this project’s course :slight_smile: We will soon convert ActiveRBAC into an
Engine and thus make using and customizing it easier.

We want to make the system useable in a multilangual environment.
Thus we will incorporate i18n and l10n (fuzzy buzzwords - but still!)
into it.

We will also add caching and improve the ARBAC’s performance in a
future release.


Manuel H.