Authorization system recommendations


#1

Good morning.

Our application has grown to the point where a more robust
authorization system is needed. What Rails plugins or Ruby gems do you
recommend?

Our needs include:

  • defining multiple user roles which can use parts of the application
    in different ways
  • easy maintenance (preferably no generators or systems requiring
    manual code updating after initial install)

We are already using authlogic for authentication.

Thanks.

Evan


#2

Hello Evan,

I’ve posted a similar question few days ago (
http://groups.google.com/group/rubyonrails-talk/t/813041902727d8e0?hl=en
). Unfortunately there weren’t any answers yet. So, by now I recommend
you to take a look at the “rails-authorization-plugin” from
Writertopia ( http://www.writertopia.com/developers/authorization ),
it can can supply your needs for sure.

Last but not least, I also suggest you to keep looking at Ben
Johnson’s site where recently has been posted some exciting news about
the future of Authlogic (http://www.binarylogic.com/2009/2/25/the-
future-of-authlogic-add-ons). There you’ll see something about the add-
on nr. 5. Maybe you can wait for its release. I confess I’m looking
forward to it.

Regards,

Adriano


#3

Adriano,

Thanks for pointing out your post. I’m looking at the Authorization
plugin now.

After several more hours of research I’ve found a couple of resources
that might help you, as well.

A good, comparative overview of lots of authorization plugins
http://steffenbartsch.com/blog/2008/08/rails-authorization-plugins/

Declarative Authorization plugin – well-designed authorization system
that abstracts authorization declarations from application code
http://github.com/stffn/declarative_authorization/tree

Evan