Authorisation question


#1

My authentication (signup/login) is up and running in my app, now I need
to implement an authorisation system. It's not going to be a complex
one. One admin (me) and then normal members and premium members. Any
tutorials or tips on a simple way to get this running? Thanks.


#2

Rob B. wrote:

My authentication (signup/login) is up and running in my app, now I need
to implement an authorisation system. It's not going to be a complex
one. One admin (me) and then normal members and premium members. Any
tutorials or tips on a simple way to get this running? Thanks.

See Chad F.'s Rails Recipes for 2 or 3 different authentication
options.

Available Now (!) from the Prags on PDF.

A.


#3

Alan F. wrote:

Rob B. wrote:

My authentication (signup/login) is up and running in my app, now I need
to implement an authorisation system. It's not going to be a complex
one. One admin (me) and then normal members and premium members. Any
tutorials or tips on a simple way to get this running? Thanks.

See Chad F.'s Rails Recipes for 2 or 3 different authentication
options.

Available Now (!) from the Prags on PDF.

A.

Yeah I have that - his examples are hard to follow for a newbie like
myself. He uses the console to give privileges and doesn’t expand his
example any further. I have tried the main one but it locks me out of
the app completely, so I'm looking for a more simple method!


#4

I have been writing a Rails 1.1.2 plug-in that authenticates a user
using NTLM on an IIS server. It all works great with WEBrick. Also my
logger writes work fine when running with WEBrick. When I switch over
to Apache/FastCGI on the same box, the plug-in doesn’t behave as I would
expect and, even more disturbing, my logger statements aren’t writing to
the log file, either the Rails standard log or the custom mylog.log
I created just to see if I needed to define my own. I’m a bit stuck as
to why the app logs just fine in WEBrick and not with Apache/FastCGI.

Thanks,

Charles L.

require 'logger'

module Authenticate
  def authenticate
    #mylog = Logger.new("#{RAILS_ROOT}/log/#{RAILS_ENV}")
    mylog = Logger.new("#{RAILS_ROOT}/log/mylog.log")
    mylog.info('Application starting')

    mylog.debug "coming in with session: " + session.inspect

    # We won't bother if the user is already authenticated
    unless session["authenticated_user"]
      # Check to see if we have sent the session_id to the table yet
      unless session["sent_sessionid"]
        mylog.debug "sending session id"
        @url = request.env['REQUEST_URI']
        unless @url =~ /http/i
          @url = 'http://' + request.env['SERVER_NAME'] +
                 request.env['REQUEST_URI']
        end
        # Record the session id and return URL, then hand off to the NTLM host
        a_session = SQLSession.new(
          :session_id => session.session_id,
          :url => @url,
          :created_at => Time.now
        )
        a_session.save
        session["sent_sessionid"] = true
        redirect_to "http://mckinley/authenticate?session_id=" +
                    session.session_id and return
      else
        # Look up the row created above for this session id
        a_session = SQLSession.find(:first, :conditions => ['session_id = ?', session.session_id])
        if a_session
          session["authenticated_user"] = a_session.username
          #mylog.debug "redirecting to url"
          #redirect_to a_session.url and return
          true
        else
          # No row for this session id; the filter still returns true,
          # so the request continues without an authenticated user
          mylog.debug "sent_sessionid is false"
          true
        end
      end
    else
      # session["authenticated_user"] is already set
      mylog.debug "truth or dare!"
      true
    end
  end
end


#5

For anyone else running into this the problem was Apache was not killing
the Ruby.exe processes as it ought to. There must have been forty stale
Ruby processes and I was getting the old plug-in from one of them. The
solution was to either kill them all or reboot.

Charles


#6

On Tue, 2006-04-25 at 13:29 +0200, Rob B. wrote:

Available Now (!) from the Prags on PDF.

A.

Yeah I have that - his examples are hard to follow for a newbie like
myself. He uses the console to give privileges and doesn’t expand his
example any further. I have tried the main one but it locks me out of
the app completely, so I'm looking for a more simple method!


agreed.

I set up the basic authentication using the methodology in AWDWR. I then
switched it to use ruby::LDAP so users authenticate against my LDAP
backend but the rest of the ‘User’ information comes from a ‘users’
table.

Then I implemented the methodology from Chad’s Recipes which was a bunch
of work because I hadn’t ever fooled with habtm before and that had its
own learning curve but I now have it all working. I found the lack of
view code examples in Chad’s recipe for Rights/Roles somewhat
disconcerting but it is surmountable.

Craig
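
Added example, not part of any post in this thread and not taken from Rails Recipes or AWDWR: a minimal three-tier check for the setup asked about in #1 (one admin, normal members, premium members), denying anything not listed while keeping login and signup reachable. The `SimpleAuthz` module, the `POLICY` table and the controller/action names are assumptions made up for illustration.

```ruby
# Added example. Role names follow post #1; everything else is constructed.
module SimpleAuthz
  # A higher rank may do everything a lower rank may do.
  RANK = { :guest => 0, :member => 1, :premium => 2, :admin => 3 }.freeze

  # Minimum role per "controller#action". Anything not listed is denied.
  POLICY = {
    "sessions#new"     => :guest,    # login form must stay reachable
    "sessions#create"  => :guest,
    "users#new"        => :guest,    # signup
    "articles#index"   => :member,
    "downloads#show"   => :premium,
    "admin/users#edit" => :admin
  }.freeze

  # user is nil (not logged in) or any object responding to #role.
  def self.allowed?(user, controller, action)
    required = POLICY["#{controller}##{action}"]
    return false if required.nil?            # deny by default
    role = user ? user.role.to_s.to_sym : :guest
    have = RANK[role]
    return false if have.nil?                # unknown or empty role value
    have >= RANK.fetch(required)
  end
end

# Stand-in for a row of the app's users table (constructed sample data).
User = Struct.new(:login, :role)

if __FILE__ == $PROGRAM_NAME
  people = [nil, User.new("bob", "member"), User.new("pam", "premium"),
            User.new("rob", "admin")]
  checks = [%w[sessions new], %w[articles index], %w[downloads show],
            %w[admin/users edit], %w[reports destroy]]
  people.each do |u|
    checks.each do |c, a|
      verdict = SimpleAuthz.allowed?(u, c, a) ? "allow" : "deny"
      puts "#{u ? u.login : 'anonymous'} #{c}##{a}: #{verdict}"
    end
  end
end
```

In a Rails controller, a check like this would run from a `before_filter` and redirect to the login page when it returns false.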