In honor of RailsConf, I’m releasing an authorization plugin with 3
test apps that show you how to use the system. A reasonably lengthy
description can be found here:
http://www.writertopia.com/developers/authorization
I will also be talking about the plugin’s architecture in my RailsConf
talk on Saturday.
Some features:
- Nice English-like way of expressing permissions through roles and
  the objects which give the scope of the roles. You can say things
  like:
    permit "(matz or dhh) and interested in Answers"
- The plugin easily handles roles associated with particular model
  instances. You can handle a moderator of meeting #23 as easily as you
  can handle a user being a general “site admin”.
- You can choose how much database you’ll use for the roles (and the
  complexity of your authorization system) through a choice of mixins.
  Each mixin provides “acts_as_authorized_user” for your User-like
  object and “acts_as_authorizable” for your authorizable objects.
- The test apps include an integration test with a simple DSL
  developed after reading Chad F.'s most excellent Rails Recipe
  book. The object_roles_test app might be useful as a scaffold for new
  apps that want authentication and authorization.
- It’s reasonably easy to hook into existing authentication systems.
-Bill
On Jun 22, 2006, at 12:23 AM, Bill K. wrote:
Bill-
Very cool. Congrats on the release. Looking forward to the talk!
-Ezra
On Thursday, June 22, 2006, at 12:23 AM, Bill K. wrote:
Good stuff, particularly the record level authorization stuff.
I took a quick look through the plugin and didn’t see any helpers for
views.
Using the ‘user_engine’, you can do things like…
link_if_authorized
and
current_user.authorized?
…to make your views appropriate for the user. Can you do this with
this system?
(I may have missed it, haven’t finished my coffee yet.)
_Kevin
On Thursday, June 22, 2006, at 8:54 AM, Bill K. wrote:
Ah, cool!
I’ll have to take a closer look now.
_Kevin
On 22 Jun 2006 12:10:52 -0000, Kevin O. wrote:
Kevin,
Take a look at the init.rb for the plugin:
http://svn.writertopia.com/svn/plugins/authorization/init.rb
You’ll see that the ControllerInstanceMethods module, which contains
permit and permit?, is mixed into ActionView. This allows you to do
things like:
link if permit?("member of :workshop and not crazy")
A slightly older form of the plugin is used in an open sourced
biomedical resource directory called Simbiome
(http://www.simbiome.org). If you look at the view code for a
resource, Jon Dugan (the main programmer for Simbiome, recently
converted to Ruby from Perl) used a view-side permit to show an “edit
this resource” link:
https://simtk.org/websvn/wsvn/simbiome/trunk/rails/app/views/resource/show.rhtml
The permit methods automatically don’t redirect when the object
doesn’t support it.
-Bill
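Added example, not part of the thread and not the plugin's code: one way to evaluate permit strings such as the two quoted above by parsing them against a small grammar rather than handing them to `eval`, with roles matched against [role, scope] pairs so that a role on one workshop instance does not carry over to another. `PermitExpr`, `WORKSHOP`, `SAMPLE_GRANTS`, the preposition list and the exact-scope matching rule are assumptions made for this example.

```ruby
# Added example with hypothetical names; this is not the plugin's own parser.
class PermitExpr
  PREPOSITIONS = %w[of in for on at by].freeze
  KEYWORDS = (%w[and or not] + PREPOSITIONS).freeze
  # grants: [role, scope] pairs (nil scope = site-wide); bindings: {name: object}
  def initialize(expr, grants, bindings = {})
    @tokens, @grants, @bindings = expr.scan(/:?\w+|\S/), grants, bindings
  end

  # Leftover tokens mean the input was outside the grammar: raise, never grant.
  def permitted?
    parse_or.tap { raise ArgumentError, "unexpected #{@tokens.first.inspect}" unless @tokens.empty? }
  end

  private
  def accept(tok)
    @tokens.first == tok && @tokens.shift
  end

  def parse_or # the recursive call comes first so its tokens are always consumed
    left = parse_and
    accept("or") ? (parse_or || left) : left
  end

  def parse_and
    left = parse_not
    accept("and") ? (parse_and && left) : left
  end

  def parse_not
    return !parse_not if accept("not")
    return parse_role unless accept("(")
    parse_or.tap { accept(")") or raise ArgumentError, "missing closing parenthesis" }
  end

  def parse_role
    role = @tokens.shift.to_s
    raise ArgumentError, "bad role #{role.inspect}" if KEYWORDS.include?(role) || role !~ /\A\w+\z/
    scope = resolve(@tokens.shift(2).last) if PREPOSITIONS.include?(@tokens.first)
    @grants.include?([role, scope])
  end

  def resolve(token)
    return token if token.match?(/\A[A-Z]\w*\z/) # class-level scope, kept by name
    @bindings.fetch(token[/\A:(\w+)\z/, 1]&.to_sym) { raise ArgumentError, "bad scope #{token.inspect}" }
  end
end

WORKSHOP = Object.new # constructed sample: one workshop instance
SAMPLE_GRANTS = [["dhh", nil], ["interested", "Answers"], ["member", WORKSHOP]].freeze # constructed
```

Text outside the grammar, or a `:name` with no binding, raises `ArgumentError`, so a malformed expression denies rather than grants.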