Forum: Ruby on Rails require_role on a per action basis

Mike Buckley (mbuckley)
on 2009-05-27 01:01
I am working on an app that has three roles (user, admin, business). I
have the situation where all three roles interact with the same
controller, but have access to different actions. Some actions are
authorized for 2 roles (admin, business), and others are only authorized
for one role (administrator).


Does anyone know if there is a commonly used pattern for security on a
per action basis?

What I would like to do is be able to map which roles are authorized to
call which actions and be able to call a :before_filter in my
controller.

In my head I'm thinking of something like

before_filter :authorize_action, :except => [:public_action1,
:public_action2]


Thanks for any input.
BenH (Guest)
on 2009-05-27 01:38
(Received via mailing list)
Consider restful_authentication and rolerequirement
http://code.google.com/p/rolerequirement/


On May 26, 4:01 pm, Mike Buckley <rails-mailing-l...@andreas-s.net>
Marnen Laibow-Koser (marnen)
on 2009-05-27 04:01
BenH wrote:
> Consider restful_authentication

Yup. Or authlogic.

> and rolerequirement
> http://code.google.com/p/rolerequirement/

Or rails_authorization.

There are probably other plugins as well -- these are *very* common
tasks.

Best,
--
Marnen Laibow-Koser
http://www.marnen.org
marnen@marnen.org
Mike Buckley (mbuckley)
on 2009-05-27 10:42
Thanks for the links. Very appreciated. I will take a look at these
*very* common tasks.


Marnen Laibow-Koser wrote:
> BenH wrote:
>> Consider restful_authentication
>
> Yup. Or authlogic.
>
>> and rolerequirement
>> http://code.google.com/p/rolerequirement/
>
> Or rails_authorization.
>
> There are probably other plugins as well -- these are *very* common
> tasks.
>
> Best,
> --
> Marnen Laibow-Koser
> http://www.marnen.org
> marnen@marnen.org
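
A sketch of the role-to-action map asked about in the original question, added here as an example; it is not code from any poster or from the plugins named in the thread. MiniController, ReportsController, PERMISSIONS and the action names are hypothetical, and MiniController only imitates Rails' before_filter (with :except) so the file runs without Rails.

```ruby
# Hypothetical stand-in for ActionController::Base: just enough of
# before_filter (with :except) to run the pattern without Rails.
class MiniController
  def self.before_filter(name, options = {})
    @filter = [name, Array(options[:except])]
  end

  def self.filter
    @filter
  end

  def initialize(role)
    @current_role = role # nil means nobody is logged in
  end

  # Runs the filter unless the action is exempt, then the action itself.
  # public_send keeps private helpers from being reachable as actions.
  def process(action)
    name, exempt = self.class.filter
    return :forbidden unless exempt.include?(action) || send(name, action)
    public_send(action)
  end
end

class ReportsController < MiniController
  # Action => roles allowed to call it (the three roles from the question).
  PERMISSIONS = {
    :index   => [:user, :admin, :business],
    :export  => [:admin, :business],
    :destroy => [:admin]
  }.freeze

  before_filter :authorize_action, :except => [:about]

  def about;   :ok; end
  def index;   :ok; end
  def export;  :ok; end
  def destroy; :ok; end
  def purge;   :ok; end # deliberately has no entry in PERMISSIONS

  private

  # Fail closed: an action with no entry in the map is denied to every role.
  # (In Rails the filter would read action_name instead of taking an argument.)
  def authorize_action(action)
    PERMISSIONS.fetch(action, []).include?(@current_role)
  end
end
```

Because the lookup defaults to an empty list, an action added to the controller later stays blocked until someone lists it in the map or in :except.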