Require_role on a per action basis


#1

I am working on an app that has three roles (user, admin, business). I
have the situation where all three roles interact with the same
controller, but have access to different actions. Some actions are
authorized for 2 roles (admin, business), and others are only authorized
for one role (administrator).

Does anyone know if there is a commonly used pattern for security on a
per action basis?

What I would like to do is be able to map which roles are authorized to
call which actions and be able to call a :before_filter in my
controller.

In my head Iā€™m thinking of something like

before_filter :authorize_action => :except [:public_action1,
:public_action2]

Thanks for any input.


#2

Consider restful_authentication and rolerequirement
http://code.google.com/p/rolerequirement/

On May 26, 4:01 pm, Mike B. removed_email_address@domain.invalid


#3

BenH wrote:

Consider restful_authentication

Yup. Or authlogic.

and rolerequirement
http://code.google.com/p/rolerequirement/

Or rails_authorization.

There are probably other plugins as well ā€“ these are very common
tasks.

Best,

Marnen Laibow-Koser
http://www.marnen.org
removed_email_address@domain.invalid


#4

Thanks for the links. Very appreciated. I will take a look at these
very common tasks.

Marnen Laibow-Koser wrote:

BenH wrote:

Consider restful_authentication

Yup. Or authlogic.

and rolerequirement
http://code.google.com/p/rolerequirement/

Or rails_authorization.

There are probably other plugins as well ā€“ these are very common
tasks.

Best,

Marnen Laibow-Koser
http://www.marnen.org
removed_email_address@domain.invalid