Role Based Authentication

Hi All,

I want to authorize users according to the role each one has. I found some Rails
plugins,

ActiveRBAC
ActiveACL

Has anybody used them (how was it), or can anyone provide a little info (hints)
on how to go about role-based authentication?
I'd appreciate it if anyone could help me with this.

Regards
Gaurav


What I do:

I add a new column to the Users table, call it "status", and make it an
enum('user', 'moderator', 'admin').

Then in my controller, I would use:

before_filter :is_admin, :only => %w(this_method)

:)


Thanks Jamal, that was nice input.

Hi,

I am facing another problem: I am not able to install the above-mentioned
plugins, which I have to evaluate before finally concluding how to go
about this.

Has anyone successfully implemented anything recently using those
plugins, i.e.

ActiveRBAC
ActiveACL

Gaurav

You could do something like

def check_authentication
  # session[:user] holds the id of the logged-in user; anonymous users go to the login form
  unless session[:user]
    redirect_to :controller => "login", :action => "signin_form"
    return
  end
end

The authorization check uses the Ruby detect function to great effect. It
assumes each user has multiple roles and each of these roles can be
assigned multiple rights. Rights are defined as a controller-action
combination and stored in the database in the tables roles and rights.

def check_authorization
  user = User.find(session[:user])
  # Allowed when any of the user's roles carries a right for this controller/action pair
  unless user.roles.detect { |role|
           role.rights.detect { |right|
             right.action == action_name && right.controller == controller_name
           }
         }
    flash[:notice] = "You are not authorized to access Controller: " +
                     controller_name + " Action: " + action_name
    # Fall back to the error page when there is no previously allowed page to return to
    session[:prev_controller] = "error" unless session[:prev_controller]
    session[:prev_action] = "no_access" unless session[:prev_action]
    redirect_to :controller => session[:prev_controller],
                :action => session[:prev_action]
    return
  end
  # Remember the last page the user was allowed to see
  session[:prev_controller] = controller_name
  session[:prev_action] = action_name
end

This works out for me. Wherever you want this checked, add a
before_filter:

before_filter :check_authentication, :check_authorization

Regards,
Rajesh
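The two approaches posted above (Jamal's single "status" column and Rajesh's roles/rights tables) as one runnable plain-Ruby example. This is an added example, not code from the thread or from any of the plugins mentioned; it needs no Rails or database, so users, roles, rights, the "session" hash and the filter stand-ins (check_admin, check_authorization) are all constructed here and are assumptions.

```ruby
# Added example, not code from the thread: Jamal's "status" column check and
# Rajesh's roles/rights lookup in plain Ruby, with in-memory stand-ins for
# the ActiveRecord tables and the controller session.
Right = Struct.new(:controller, :action)
Role  = Struct.new(:name, :rights)
User  = Struct.new(:login, :status, :roles)   # :status plays Jamal's enum column

# Jamal's approach: one coarse flag on the user row.
def admin?(user)
  user.status == "admin"
end

# Rajesh's approach: the user is allowed when any of his roles carries a
# right matching the controller/action pair. Deny by default: no matching
# right, no access. The comparison is an exact string match ("Posts" != "posts").
def authorized?(user, controller, action)
  !!user.roles.detect { |role|
    role.rights.detect { |right|
      right.controller == controller && right.action == action
    }
  }
end

# Stand-in for the check_authorization before_filter: returns [:allow, ...]
# when the action may run, or [:redirect, controller, action] pointing at the
# last page the user was allowed to see (error/no_access on the first denial).
def check_authorization(session, users, controller, action)
  user = users.fetch(session[:user])
  unless authorized?(user, controller, action)
    session[:prev_controller] ||= "error"
    session[:prev_action]     ||= "no_access"
    return [:redirect, session[:prev_controller], session[:prev_action]]
  end
  session[:prev_controller] = controller
  session[:prev_action]     = action
  [:allow, controller, action]
end

# Stand-in for Jamal's :is_admin filter applied with :only to a list of
# actions; actions not in the list are never checked by this filter.
def check_admin(session, users, action, protected_actions)
  return [:allow, action] unless protected_actions.include?(action)
  admin?(users.fetch(session[:user])) ? [:allow, action] : [:redirect, "login", "signin_form"]
end

# Constructed sample data (not from the thread).
VIEW_POSTS   = Right.new("posts", "index")
EDIT_POSTS   = Right.new("posts", "edit")
MANAGE_USERS = Right.new("users", "destroy")

READER = Role.new("reader", [VIEW_POSTS])
EDITOR = Role.new("editor", [VIEW_POSTS, EDIT_POSTS])
ADMIN  = Role.new("admin",  [MANAGE_USERS])

USERS = {
  1 => User.new("alice", "user",  [READER]),
  2 => User.new("bob",   "admin", [EDITOR, ADMIN]),
}

if __FILE__ == $0
  session = { :user => 1 }
  p check_authorization(session, USERS, "posts", "index")   # alice may list posts
  p check_authorization(session, USERS, "posts", "edit")    # denied, sent back to posts/index
  p check_admin(session, USERS, "destroy", %w(destroy))     # not admin, sent to login
end
```

Two caveats when carrying this into a real Rails app: a filter scoped with :only protects only the listed actions, so any action added later is unprotected until it is listed; and Rails' controller_name drops the module prefix, so with namespaced controllers (Admin::UsersController and UsersController both report "users") the rights table should be compared against controller_path instead.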

I use ActiveRBAC for a large project I'm currently working on. After
having had it in place for 6 months, it looks nothing like it did.
Great start, and I like the Group/Role management interfaces and how it
reports on how many users are in each. If you are looking for an RBAC,
it works great.

There is also a nice PDF doc for it that would give you some more
insight into it.
I like it, but it is a pretty large plugin, so you will likely modify
it; some of that is easily done through mixins and by overriding the
views and controller functions.

Someone correct me if I’m wrong, but I don’t think it is actively
developed anymore (I could not really update anyway.)

In short, I would recommend it.

Fredrik

On Mar 14, 8:40 am, Jamal S.

Thanks Rajesh for the help.

Well Fredrik,

> but I don't think it is actively developed anymore (I could not really update anyway.)

I tried to install it but in vain, then I tried to access the
repository given on its
site through svn (RadRails). I could get it, but how to make it work?
The controllers and views had files, I ran the migration script, and
models were also present.
But when I tried to access http://localhost:3000/active_arbac/login or
http://localhost:3000/active_arbac/registration
it didn't work. It complains of something not being initialized.

I have not used any plugins before; any idea how to get it running?

Gaurav


Sorry, I don't know how to use these plugins :)

I’ve been looking into Goldberg for this. http://goldberg.240gl.org

It looks like a powerful, flexible, and de-coupled solution for role-based
authentication.

"Goldberg is essentially just a before_filter that checks to see
whether the user has the permissions to perform the incoming action.
This includes AJAX requests etc."

I’m curious if anyone reading this has any experience or comments
about that project.

Hi,

Thanks all for replies.
Yesterday I tried Goldberg and it fits my needs, so I got over the
dilemma :).

Regards,
Gaurav