Roles based authentication

hi!

im trying to implement a role based authentication in my project, but im
writing too many conditions, and i think thats not the right way to
proceed.

i have search in google, but there are a lot of plugins and “tutorials”,
and they are always not similar, so i dont understand them.

please could someone help me? maybe with a easy authentication or with a
good/nice tutorial?

thanks!!

someone there who can help me??

:S

sabin wrote:

someone there who can help me??

:S

Try the Rails Recipes book
(http://www.pragmaticprogrammer.com/titles/fr_rr/) there’s a great
explanation in there of how to do authentication, from simple to
advanced.

tor, 27,.07.2006 kl. 13.10 +0200, skrev sabin:

im trying to implement a role based authentication in my project, but im
writing too many conditions, and i think thats not the right way to
proceed.

I’ve been writing a Roles/ACL auth system based on auth_generator, you
might want to check it out. http://penso.info/code/auth_generator

It’s GPL so you’ll have to release any enhancements.

I replaced the ACL system in auth_generator with the ACL stuff from
here: http://wiki.rubyonrails.org/rails/pages/LoginGeneratorACLSystem

Then I added the possibility to base permissions on the object_id, real
fancy combination if I need to be humble. :wink:

It sucks, though. :slight_smile: I’ve got thousands and thousands of objects in the
database, so adding permissions based on every object_id is only causing
the browser to not log in the user. With 8 methods in a ModelController
you’ll have eight permission strings to add in the cookie, per object.

I can think of three ways to go on.

  1. Permission hash in a separate table
  2. Permission as strings instead of objects
  3. Drop ACL

Having a permission hash means storing the hash in the cookie, then look
up in the database whether the current action is allowed for this object
and this user.

Strings means storing permissions one permission object per action and a
string with relevant object_ids or “any” for free usage of the given
action on any object.

Dropping ACL is tempting and challenging as we’d need to store a lot
more business logic on the database level. I really think dropping ACL
is the best way. Simplicity is your friend.


Runar Ingebrigtsen
propell, mopo as

http://runar.mopo.no | +47 971 77 229 | Boks 808, 8001 Bodø, NORWAY

Runar Ingebrigtsen wrote:

tor, 27,.07.2006 kl. 13.10 +0200, skrev sabin:

im trying to implement a role based authentication in my project, but im
writing too many conditions, and i think thats not the right way to
proceed.

What if there were an outboard system that handled both authentication
and fine-grained authorization? And a Rails application could simply
access it transparently, with either a generator or a plugin?