Forum: Ruby on Rails what features in login system?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- and Ruby-related community platforms.
petermichaux (Guest)
on 2005-11-12 12:50
(Received via mailing list)
Hi,

I've been following the discussions about roll-your-own, generators, plugins and engines with interest. I wonder how much people's needs really vary when it comes to a login system. Right now the Rails wiki is not so helpful with a discussion of authentication in general and I would like to see the wiki improve. Perhaps the best way to start is with a list of authentication features people actually would like to have. Maybe the list will be long but if the list exists it will make it easier for someone new to roll their own if that is the best way to go. Also the list could be fleshed out with more wiki pages describing strategies for each item.

I would like to have

* forgotten password emails
* user roles

What features do you need?

Peter
cool_screen_name90001 (Guest)
on 2005-11-12 12:50
(Received via mailing list)
I've only checked out Model Security and things I didn't like about it:

- appears to only use HTTP authentication, rather than HTML forms.
- MySQL specific. Though porting to PostgreSQL et al should be trivial.
- Waaay complex - lots of libs, helpers, models, views, controllers, etc.

Other than that, it appears to be well done and quite capable. But I'll probably end up using pieces of it to suit my needs.

csn


--- Peter Michaux <petermichaux@gmail.com> wrote:

> improve. Perhaps the best way to start is with a
>
>
has.sox (Guest)
on 2005-11-12 12:50
(Received via mailing list)
The model security can use html forms... Just click on cancel when the box comes up from the HTTP auth.

I think it's a great idea to set up a list of desired features.

I think that in addition to the forgotten password email and user roles, there is also a need to have the ability to either extend, or dynamically assign associations and fields to the user model without overwriting/modifying the code for the system. I want to be able to associate users with other objects in the app without changing the user.rb file in the login system. Login Engine does this presently.

Also a feature to allow certain roles to perform certain actions on the user (or a sub-set of users) via a config option. This option may mean that a separate Admin interface is not required. Not sure how this would work though, especially if you're an admin, and therefore you can access every user, but the manager role option below is read first and so limits your options...
i.e.
config :allow_user_actions,
  :actions => ['list', 'edit', 'show'],
  :required_role => ['Manager'],
  :on_users => "department = #{current_user.department}"

config :allow_user_actions,
  :actions => [:all],
  :required_role => ['Admin'],
  :on_users => :all

A filter for a controller that sets the role required for actions.

Of course whatever system is put up, they should agree on the basic method names and where each of these methods is available and applied...
current_user
login_required
role_required
roles_allowed (maybe multiple roles should have access to the list of actions)
has_role
etc

Just a couple of thoughts...
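
Added example (not part of the original thread, and not code from Model Security, Login Engine or any other Rails plugin): one way to evaluate the role rules sketched in the post above, with the `:on_users` scope written as a Ruby predicate instead of an interpolated SQL condition string, and with every rule checked so that an earlier Manager rule cannot narrow what an Admin may do. `User`, `RULES`, `has_role?` and `user_action_allowed?` are hypothetical names, and the sample users are constructed.

```ruby
# Added example: names below are hypothetical, modelled on the post's
# `config :allow_user_actions` idea; this is not code from any Rails plugin.
User = Struct.new(:name, :roles, :department)

# One rule per config block. :on_users is a predicate over (actor, target),
# so the actor's attributes are compared as values and never spliced into a
# SQL condition string.
RULES = [
  { actions: %w[list edit show], required_role: 'Manager',
    on_users: ->(actor, target) { actor.department == target.department } },
  { actions: :all, required_role: 'Admin',
    on_users: ->(_actor, _target) { true } }
].freeze

def has_role?(user, role)
  user.roles.include?(role)
end

# Grants the action if ANY rule allows it. Checking every rule, rather than
# stopping at the first one whose role matches, keeps an Admin who is also a
# Manager from being limited to the Manager rule's actions and department.
def user_action_allowed?(actor, action, target)
  return false if actor.nil? # not logged in: deny by default

  RULES.any? do |rule|
    has_role?(actor, rule[:required_role]) &&
      (rule[:actions] == :all || rule[:actions].include?(action.to_s)) &&
      rule[:on_users].call(actor, target)
  end
end

# Constructed sample users.
MANAGER       = User.new('mia', %w[Manager], 'sales')
ADMIN_MANAGER = User.new('ada', %w[Manager Admin], 'it')
MEMBER        = User.new('sam', [], 'sales')
OUTSIDER      = User.new('oli', [], 'support')

if __FILE__ == $PROGRAM_NAME
  p user_action_allowed?(MANAGER, 'edit', MEMBER)            # same department
  p user_action_allowed?(MANAGER, 'edit', OUTSIDER)          # other department
  p user_action_allowed?(ADMIN_MANAGER, 'destroy', OUTSIDER) # Admin rule applies
end
```
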
cool_screen_name90001 (Guest)
on 2005-11-12 12:50
(Received via mailing list)
--- Liquid <has.sox@gmail.com> wrote:

> The model security can use html forms... Just click
> on cancel when the box
> comes up from the HTTP auth.

I don't want it to come up *at all*.

csn



has.sox (Guest)
on 2005-11-12 12:50
(Received via mailing list)
If you remove the

On 11/12/05, CSN <cool_screen_name90001@yahoo.com> wrote:
>
> csn


In that case then you need to modify the User controller. Remove line 108 (and any others that you can find...)

http_authorize

I think this should do it.