How to Password Protect a Controller


#1

Several of my models I want to password protect, so that only an admin
can enter/destroy data. Is there an easy way to accomplish this by
password protecting controllers?


#2

Sure, have a look to the login generator (gem install login_generator)
-, then script/generate

It’s very easy to use.


#3

Christophe G. wrote:

Sure, have a look to the login generator (gem install login_generator)
-, then script/generate

It’s very easy to use.

I tried that out, however it is exposed itself, allowing anyone to
register and therefore be an admin (if I use it that way).

What I’m trying to figure out is how to build in logic so that all the
CRUD methods are gated.


#4

You can remove signup logic in controller.
You must see the login_generator as a tool to produce a skekelton with
basic functionnalities, but it’s very clean and can easily tailored to
suit your needs.


#5

I’m pretty happy with the login_engine/user_engine combo. LoginEngine
provides the basic signup, login and password recovery functions and
UserEngine adds simple role-based access control that you can tune down
to single actions. My baseline user privileges are pretty much identical
to a guest’s. Only those who have explicitly been assigned other roles
have any privileges on protected controllers.

Shut off new-account signup entirely – or restrict it to admins – and
you should be all set if that’s what you want.

Arch S. wrote:

Christophe G. wrote:

Sure, have a look to the login generator (gem install login_generator)
-, then script/generate

It’s very easy to use.

I tried that out, however it is exposed itself, allowing anyone to
register and therefore be an admin (if I use it that way).

What I’m trying to figure out is how to build in logic so that all the
CRUD methods are gated.


#6

Steve K. wrote:

I’m pretty happy with the login_engine/user_engine combo. LoginEngine
provides the basic signup, login and password recovery functions and
UserEngine adds simple role-based access control that you can tune down
to single actions. My baseline user privileges are pretty much identical
to a guest’s. Only those who have explicitly been assigned other roles
have any privileges on protected controllers.

Shut off new-account signup entirely – or restrict it to admins – and
you should be all set if that’s what you want.

I cannot find the user_engine gem. I wanted to look at some
documentation before installing.

Anyone have a link?

Thanks.


#7

Have a look here : http://rails-engines.org/