Field Level Security

casper_the_ghost · August 7, 2007, 2:38am

Could someone point me in a direction on how to apply field level
security to my Rails app? Basically I have an update action on my
controller, but based on the permissions of the person logged in, I
want to control what fields they can update. Of course the model
object should enforce this security as well as disabling the controls
on the view if they don’t have the permissions to edit it.

I have been through the Simple Access Control Example (http://
wiki.rubyonrails.org/rails/pages/SimpleAccessControlExample) which is
good for applying permissions for whole actions, but I really need to
go more granular sometimes.

Thanks,
Brian R

casper_the_ghost · August 7, 2007, 8:17pm

On Aug 6, 2007, at 19:35 , [email protected] wrote:

Of course the model
object should enforce this security as well as disabling the controls
on the view if they don’t have the permissions to edit it.

You might want to take a look at Bruce P.’ ModelSecurity for some
ideas.

http://perens.com/FreeSoftware/ModelSecurity/Tutorial.html

Hobo might also have something along these lines, but I haven’t
checked it out yet.

Michael G.
grzm seespotcode net