Ok…
@ Marnen - At the time, when looking through Authentication Plugins, I
didn’t get the impression most developers would rather use different
plugins (other than Restful_Auth) nowadays…
on the other hand - I didn’t quite ask and tried to figure it all by
myself while feeling a “newbie” (till two days ago I think) so I think
now is a good time to ask and receive answers…
HJ - Thank you! though currently using aasm, your description of how
to use state_machine plugin was very helpful to my basic
understanding…
Now following also Marnen’s remark (thanks again Marnen), I’m
wondering… should I replace the plugins I’m using?
Restful_Authentication and AASM included?
Can you guys recommend plugins you find better, and better how?
(no offense to other plugins of course)? also, are they Rails 3
compatible (though currently using InstantRails with Rails 2.3.5, but
considering to move to Rails 3 when it’s a stable version…)
Thanks again
Best,
tino.
From: H.J. Blok
Date: Wed, 2 Jun 2010 04:46:31 -0700 (PDT)
I can share my solution, maybe you can find the corresponding methods
for AASM…
For example when you have an Article, you define a before_transition
within the state definition. The before_transition uses the method
is_authorized_for? to determine if the user is authorized for the
transition.
class Article < ActiveRecord::Base
  state_machine :initial => :unpublished do
    before_transition all => all do |article, transition|
      article.is_authorized_for?(transition)
    end

    event :publish do
      transition :unpublished => :published
    end

    event :unpublish do
      transition :published => :unpublished
    end

    state :unpublished
    state :published
  end
  …
  # Method to check if user is authorized to do state transition
  def is_authorized_for?(transition)
    permitted_to?(transition.event.to_sym)
  end
end
In your authorization_rules.rb you will have something like this:
authorization do
  role :admin do
    has_permission_on [:articles], :to => [:publish, :unpublish]
  end
end
When an authenticated user tries to alter the state of an unpublished
Article, the is_authorized_for? will only return true if the user has
the :admin role.
Hope this helps…
Posted via http://www.ruby-forum.com/.
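
Added example, not part of the original posts and not code from the state_machine or declarative_authorization plugins: a plain-Ruby stand-in for the guard pattern H.J. Blok describes, showing the check running before the state changes and failing closed for a missing user, a role without a rule, or an unknown event. RULES, TRANSITIONS, User, authorized_for? and fire are hypothetical names.

```ruby
# Plain-Ruby stand-in for the pattern above; needs no Rails or plugins.
# All names here are hypothetical and chosen for illustration.
RULES = { admin: { articles: %i[publish unpublish] } }.freeze # role => resource => events
TRANSITIONS = { publish:   { unpublished: :published },
                unpublish: { published: :unpublished } }.freeze

User = Struct.new(:name, :roles)

class Article
  attr_reader :state # read-only: state changes only through #fire

  def initialize
    @state = :unpublished
  end

  # Fail closed: no user, no role or no matching rule all mean "denied".
  def authorized_for?(user, event)
    return false if user.nil?
    Array(user.roles).any? { |role| RULES.dig(role, :articles)&.include?(event) }
  end

  # Fire an event. The guard runs before the state changes, like a
  # before_transition callback that halts the transition by returning false.
  def fire(event, user)
    target = TRANSITIONS.dig(event, @state)
    return false if target.nil?                      # unknown event or wrong state
    return false unless authorized_for?(user, event) # halted by the guard
    @state = target
    true
  end
end

# Constructed sample users and calls.
def demo
  admin   = User.new("alice", [:admin])
  editor  = User.new("bob", [:editor])
  article = Article.new
  results = []
  results << article.fire(:publish, editor)   # editor has no rule
  results << article.fire(:publish, nil)      # unauthenticated
  results << article.fire(:publish, admin)    # allowed
  results << article.fire(:publish, admin)    # already published
  results << article.fire(:unpublish, editor) # editor has no rule
  [results, article.state]
end

p demo if __FILE__ == $PROGRAM_NAME
```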