[ANN] ActiveRbac 0.3 release - We're now on Engines


#1

Hi

I have just released the 0.3 revision of ActiveRecord - make sure to
get the fresh, hot packages from

https://activerbac.turingstudio.com/releases

What is ActiveRBAC?

ActiveRBAC is a Ruby on Rails library that provides a full stack RBAC
(Role Based Authorization) system with user, group, role and
permission management. It provides models and controllers to edit
those models (obviously it should also provide views which it does ;))

Useful URLS:

https://activerbac.turingstudio.com - the project’s page
https://activerbac.turingstudio.com/api/ - API documentation
https://activerbac.turingstudio.com/releases/ - download it here
https://activerbac.turingstudio.com/source/ - our SVN repository
is here

If you have any questions or suggestions for us, contact us via our
mailing list (or contact me directly if you prefer that):

removed_email_address@domain.invalid

You can sign up here:

https://lists.cloudcore.com/mailman/listinfo/rbac-dev

Changelog

active_rbac

  • Moving configuration into the “ActiveRbac” module as is normal for
    engines.
  • Controllers have been moved into a subdirectory “active_rbac” so
    they can be in the namespace “ActiveRbac”
  • The structure of ActiveRBAC has been changed to the of an engine.

rbac_demo

  • minor template tweakings
  • Adding a protected page
  • Uprading some script/* files
  • ActiveRBAC is not imported as a component any more. It is used as
    an engine now.

minicms

  • minicms_permissions_only works now with the ActiveRbac engine
  • removing railsfix plugin - that’s now in the ActiveRbac engine
  • removing protect_rbac plugin - that’s also now in the ActiveRbac
    engine

generators

  • removing rbac_railfix since this is now in the engine

Regards,

Manuel H.


#2

Sorry… I’ve got to say it… “oh no… another security/login system
for rails…” :-/

b

PS: nothing negative intended towards your plugin though… it’s
probably the best…
other than EZ’s of course cuz he just rocks.


#3

Check out the splat…

-Nb

 Nathaniel S. H. Brown                           http://nshb.net

#4

Am 24.02.2006 um 05:41 schrieb Ben M.:

Sorry… I’ve got to say it… “oh no… another security/login
system for rails…” :-/

Wait, it’s the security system to end all security systems :stuck_out_tongue: - just
kidding. You’re free to ignore it, of course.

PS: nothing negative intended towards your plugin though… it’s
probably the best… other than EZ’s of course cuz he just rocks.

Who is EZ?

Regards,

Manuel


#5

probably the best… other than EZ’s of course cuz he just rocks.

Who is EZ?

Regards,

Manuel

Nathaniel S. H. Brown wrote:

Check out the splat…

http://brainspl.at/articles/2006/02/20/new-plugin-acl_system

Yep… that’s EZ.

And, Manuel, just wanted to stress again that I’m not saying there’s
anything wrong with
you creating another security system for rails.

However, at some point it would be good if all these systems could join
up and consolidate
into one or two (maybe just basic login vs. RBAC) systems. I think
another security system
writer on the list was proposing at least a naming convention.

b


#6

I think that FAR greater than the need to consolidate into one system
(watch DHH break out in hives at the phrase ‘The O. True
Authentication System’) is

     *Crystal-Clear Documentation*

…from the overview level down to the API, about how these each system
works.

Then we’ll start boiling stuff down to patterns, discovering
similarities AND disparities, and where if possible and/or desirable
things can be merged or made consistent. That was the essence, as I
took it, of Ezra’s recent post[1]. Developers should then be able to
easily recognise whether or not they can use a particular
‘pre-packaged’ login (or whatever) system, or alternatively take use
the patterns described to wrangle their own (if they prefer
Frontierland to the Magic Kingdom).

I’m chastising myself more than anyone - my documentation certainly
needs to be whipped into shape. But isn’t the point of open source so
that I can get you people to do my work? :wink:

  • james

[1] Although it shouldn’t be taken that he’s defined the ‘One True
RBAC Pattern’ either. The space is wide open, and there’s absolutely
nothing wrong with striking out on your own, should you perceive the
need. That’s the nature of progress, after all.

On 2/24/06, Ben M. removed_email_address@domain.invalid wrote:

probably the best… other than EZ’s of course cuz he just rocks.
http://brainspl.at/articles/2006/02/20/new-plugin-acl_system
b


Rails mailing list
removed_email_address@domain.invalid
http://lists.rubyonrails.org/mailman/listinfo/rails

  • J *
    ~

#7

Nathaniel S. H. Brown wrote:

Check out the splat…

http://brainspl.at/articles/2006/02/20/new-plugin-acl_system

Yep… that’s EZ.

And, Manuel, just wanted to stress again that I’m not saying
there’s anything wrong with you creating another security system
for rails.

I did not take any offense, I was just amused a bit :slight_smile:


#8

Am 24.02.2006 um 17:50 schrieb James A.:

I think that FAR greater than the need to consolidate into one system
(watch DHH break out in hives at the phrase ‘The O. True
Authentication System’) is

Watch me break out in hives when reading some parts of David’s
ramblings :slight_smile: (I hope nobody takes offense). Different people have
different requirements and different opinions. This is what freedom
of thought and speech is about :slight_smile:

     *Crystal-Clear Documentation*

Yes, this is essential and lacking for so many commercial and open
source applications. With open source, you can look at the code to
figure things out for yourselve if everything else fails.

I’m chastising myself more than anyone - my documentation certainly
needs to be whipped into shape. But isn’t the point of open source so
that I can get you people to do my work? :wink:

Back when working on binarycloud (http://www.binarycloud.com), we
hoped for the same thing. In the end it were the same three people
doing the work. With rails it seems to be reversed: So many patches
in the tracker and no developer to incorporate them (even if they fix
bugs). :wink:

[1] Although it shouldn’t be taken that he’s defined the ‘One True
RBAC Pattern’ either. The space is wide open, and there’s absolutely
nothing wrong with striking out on your own, should you perceive the
need. That’s the nature of progress, after all.

Yerp, I hope we will never see software/trivial patents in Europe and
cease them to exist in the US.


#9

James is right. I just think its important to recognize patterns
that keep emerging in these types of systems and try to consolidate
them a bit. The implementation is left up to the user, they could
pick which backend or plugin they like the best. I just wanted a
little discussion of what people think would be the easiest to use
declarative syntax for protecting controllers and models. then its up
to others to either use my implementation or another one.
Documentation is always a good thing.

I have used ActiveRbac in a project and it served me very well and

is a great system. My current plugin, acl_system, is an extraction
from a real application where I had to solve this problem. And the
best frameworks come from extractions. I just needed something simple
and lightweight yet flexible in the syntax used to control which
roles have access and which don’t. I will be adding more to the
plugin as far as protecting models soon after I get some more
feedback as to what people think is a nice syntax. Or after I
implement it in my app and extract that to share with others.

There is no one true login system. But by defining a few patterns I

have recognized, i have been able to make an authorization(not
authentication) plugin that will sit on top of any login system that
implements two certain things, which most of the currently available
options already do have. This way it is decoupled from any one login
system to avoid the “One true system” because that is a pipe dream.
But I do see a lot of rails appsw and code these days and the things
that I end up repeating in more then one app are worth extracting if
it makes sense to do so. And the rails community has been so nice to
me when I was getting started that its only fair I give back when I
come up with something that solves a problem I think other rails devs
will come across.

Other then that, please do check out all the option before you

choose one or you may want to write you own. But it doesn’t hurt to
unify patterns that i see emerge more then once and offer them up for
discussion.

I hope I never do see the One True login system ;)

Cheers-
-Ezra
On Feb 24, 2006, at 8:50 AM, James A. wrote:

similarities AND disparities, and where if possible and/or desirable

Sorry… I’ve got to say it… "oh no… another

b

  • J *
    ~

Rails mailing list
removed_email_address@domain.invalid
http://lists.rubyonrails.org/mailman/listinfo/rails

-Ezra Z.
Yakima Herald-Republic
WebMaster
http://yakimaherald.com
509-577-7732
removed_email_address@domain.invalid


#10

On 2/24/06, James A. removed_email_address@domain.invalid wrote:

(if they prefer Frontierland to the Magic Kingdom).

s/Magic Kingdom/Tomorrowland/

D’oh - Frontierland is in the Magic Kingdom. It’s clearly been far
too long since I’ve been to Disneyland :slight_smile:

  • J *
    ~

#11

Alain R. wrote:

Being free is not an excuse for poor/absent/less-than terrific
documentation.

Poor documentation is an insult to the community.
It means "After spending days or weeks on writing the code, I don’t want
to spend an hour or two or three writing a good doc
And therein lies the rub… It takes more than an hour or two to write
good documentation. Good documentation must be consistent, readable,
and most importantly correct and up to date. A documentation bug can be
much more pernicious than a code bug - apart from anything else, it’s
impossible to test. There’s a reason good technical writers are paid
well. The skill-set just doesn’t intersect that well with coding.

so that thousands of
people will just have to spend 5-10 minutes to figure out if my tool is
right for their needs. Instead, they just have to download, install,
create a fake project, test, read code, digg, and spend hours/days on
it. And who cares if they hit a wall later in their project, that you
just find out when you’re an advanced user."
So, does becoming an advanced user and not contributing doc patches also
constitute an insult to the community?


#12

Manuel H. wrote:
>> Crystal-Clear Documentation
> Yes, this is essential and lacking for so many commercial and open
> source applications. With open source, you can look at the code to
> figure things out for yourselve if everything else fails.

Being free is not an excuse for poor/absent/less-than terrific
documentation.

Poor documentation is an insult to the community.
It means “After spending days or weeks on writing the code, I don’t want
to spend an hour or two or three writing a good doc so that thousands of
people will just have to spend 5-10 minutes to figure out if my tool is
right for their needs. Instead, they just have to download, install,
create a fake project, test, read code, digg, and spend hours/days on
it. And who cares if they hit a wall later in their project, that you
just find out when you’re an advanced user.”

Multiply that by 10 (approx. number of available login
frameworks/solution)…

Alain


#13

One way to make documentation easier is to start working on a reasonable
DSL, document its use first, see how an implementation works in the real
world, then iterate. For my part, I posted a first pass at an
authorization
DSL that sits on top of an authentication system that meets a few
requirements. I’ve also released a plugin that implements most of the
ideas.
(http://www.billkatz.com/authorization)

Both Ezra and I have similar ideas, so we’re going to collaborate and
hopefully smooth away the rough edges. Once we have a workable
authorization
DSL, we’ll definitely come up with a tutorial, but it’ll help us if we
get
input and feedback now.

I don’t think one way of authorization will rule them all and create
consolidation. It’s possible, though, that one authorization system hits
the
sweet spot of many Rail developers. I just want to get something that
works
well for the web apps I’m developing, and I hope it works well for Ezra
and
whoever else finds it useful. An authorization system that is both
simple
and meets my needs probably will not be useful to someone with very
complex
authorization requirements. And that’s fine. Once we get to the stage
James
describes, it’ll be clear what each of the different systems provide and
if
there’s a clear path (or desire) for merging.
-Bill


#14

On 2/25/06, Alex Y. removed_email_address@domain.invalid wrote:

and most importantly correct and up to date. A documentation bug can be
much more pernicious than a code bug - apart from anything else, it’s
impossible to test. There’s a reason good technical writers are paid
well. The skill-set just doesn’t intersect that well with coding.

I agree with Alex. I recommend them to be included in all my
projects.
-Larry

Alex


Rails mailing list
removed_email_address@domain.invalid
http://lists.rubyonrails.org/mailman/listinfo/rails


Best Regards,
-Larry
“Work, work, work…there is no satisfactory alternative.”
— E.Taft Benson


#15

Hello everyone,
newbie question concerning the installation of activeRbac on rails 1.1.1
(ruby 1.8.4) MS xp.

The ActiveRbacManual says in section 1.2.1 (installation):
“As of Rails 1.0 we can use Railâ??s built in plugin manager. First, we
have to get
alistofallpluginsavailablethroughthepluginmanager. Enter./script/plugin
discover at your shell in your Rails projectâ??s directory. Then, you can
install
Rails Engines by typing ./script/plugin install engines.”

which works fine. But then it says:
“After you have installed the engines plugin, you can go ahead and
install
ActiveRBAC. The easiest way is - again - to use Railsâ??s plugin manager.
Type
./script/plugin install active_rbac at your shell and ActiveRBAC will be
installed in vendor/plugins .”

when I enter “ruby script/plugin install active_rbac” I get “Plugin not
found: active_rbac”
Do I have to store the activeRbac tar ball anywhere specific, to execute
the command?
any clues?

many thanks,
Kleas