I’d like some help to do both.
Either an easy way to do it from scratch or a gem.
I saw the way it’s done at Ruby on Rails Tutorial, but couldn’t
understand it very well, so that’s why I want an easier way (or gem).
I’ve been told that the gem Devise does the Authentication, but not the
authorization. Is it true? Or can I do authorization with Devise?

Rodrigo, the goal of the Ruby on Rails Tutorial was to teach you the
fundamentals of Rails and how to build web applications using the
framework. Thus, within one or maybe two of his lessons, he showed you
how to build authentication for a Rails application using TDD from
scratch. He just wanted you to be familiar with what goes into
authentication so that you could better understand gems like Devise
and Authlogic. Next, I would highly recommend taking another look at
this material within the book and making sure you understand it before
jumping into one of the authentication gems. Furthermore, reading the
source and documentation of these gems is always a good thing to
understand what it’s doing/(not doing) and how it’s being done. In
short, the goal of the tutorial is learning Rails using TDD to enforce
an understanding of the concepts within the framework. Also, please do
not rush the learning process because it’s like building code without
tests.

I definitely agree with Conrad on this one. If you are finding that you
still don’t feel comfortable with what you read in the book and through
your learning course, go back and read it again, or read another source.
Any gem, especially authentication, will not be a 100% viable solution
to what you want to do going forward. You may find some issues
understanding configuration or monkey patching the gem to do what you
desire.
Also, understand that authentication != authorization. Authentication
is meant only as a way to determine that you are who you say you are.
Authorization determines the scope of permissions you are given
depending on whether you are authenticated or unauthenticated. If you
grab 3 different gems which are not 100% compatible with one another,
you may find some serious issues down the road.
I would ask you to write your own very basic authentication solution so
you can begin to analyze and understand how it all works, and then
refine it going forward. Devise is a very strong full-featured
authentication solution, but it’s the equivalent of having every
Microsoft Office product on your machine when you only want to use
Excel. It also has a learning curve.

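The distinction drawn in the reply above, as an added example that is not part of the original posts and is not code from Devise, CanCan or the Rails Tutorial: `authenticate` answers "are you who you say you are?", while `authorized?` answers "what may you do?". The `User` struct, the `PERMISSIONS` table, the role names and the iteration count are all assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Hypothetical in-memory user record (a Rails app would use a model).
User = Struct.new(:email, :role, :salt, :password_hash)

ITERATIONS = 100_000 # assumed PBKDF2 work factor for this sketch
KEY_LEN    = 32

# Authorization data: which actions each role may perform (constructed sample).
PERMISSIONS = {
  admin:  %i[read_post edit_post delete_user],
  member: %i[read_post edit_post],
  guest:  %i[read_post]
}.freeze

# Derive a slow, salted hash; the plaintext password is never stored.
def hash_password(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_LEN,
                             OpenSSL::Digest.new("SHA256"))
end

def build_user(email, role, password)
  salt = SecureRandom.random_bytes(16)
  User.new(email, role, salt, hash_password(password, salt))
end

# Stand-in record so unknown e-mails cost the same hashing work as known ones.
DUMMY_USER = build_user("", :guest, SecureRandom.hex(16))

# Authentication: returns the User when the credentials match, otherwise nil.
def authenticate(users, email, password)
  user      = users.find { |u| u.email == email }
  record    = user || DUMMY_USER
  candidate = hash_password(password, record.salt)
  # Constant-time comparison avoids leaking how many bytes matched.
  match = OpenSSL.fixed_length_secure_compare(candidate, record.password_hash)
  user && match ? user : nil
end

# Authorization: a separate question, asked after (or without) authentication.
# An unauthenticated visitor (nil) is treated as :guest; unknown roles get nothing.
def authorized?(user, action)
  role = user ? user.role : :guest
  PERMISSIONS.fetch(role, []).include?(action)
end
```

A successful `authenticate` call says nothing about permissions: the same logged-in member passes `authorized?(user, :edit_post)` and fails `authorized?(user, :delete_user)`.
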
Maybe have a look at Cream [1]. It handles authentication,
authorization, user roles, and permissions in a single project (making
use of devise and cancan). It seems to be actively used and developed.
I’ve not yet tried it, but I’m about to make my first steps.