Forum: Ruby on Rails ANN: ActiveRBAC 0.2 Released

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
54532f023496410e0d7b1add5561ba45?d=identicon&s=25 purestorm (Guest)
on 2005-11-29 21:45
(Received via mailing list)
ActiveRBAC 0.2 Released

I'm happy to announce the release of ActiveRBAC 0.2. ActiveRBAC is a
authentication and permission management library for Ruby On Rails.

ActiveRBAC is aiming to become the "standard" authentication and
authorization layer for RoR so that Engines ("Components" called
outside of RoR) can become really interchangeable since they use the
same user/permission schema.

Grab your copy now from


If you want to learn more about ActiveRBAC, visit:


[1] and [2] might be unavailable from 7pm-8pm PST today because of
server maintainance.

There is a mailing list for this project at:


Feel free to post questions, suggestions and errors there. You can
find a Trac instance for bug reporting at [2]

Changes from 0.1 to 0.2

* ActiveRBAC supports RoR 0.14.x now (and should thus support 1.0)
* The verify_block macro has been removed. Use a before_filter
instead. The minicms-roles and minicms-permissions contain examples
of this.
* ActiveRBAC can now be configured using config/
active_rbac_configuration.rb. This configuration file is loaded on
every request in developer modes so changes are instant.
* The rbac_railfix file has been moved to a plugin where mixins belong.
* The user schema adds a "password_salt" field and passwords are
salted now. This breaks compatibility with data from 0.1 since
passwords are hashed in an incompatible way (hash(password + salt)
instead hash(password)). We suggest you to notify your customers (if
you are using 0.1 in production already) per email. Resetting their
password is no problem with ActiveRBAC's interface.
* The idiosyncratic differentiation of actions (e.g.
"confirm"-"acknowledge") has been removed in RegistrationController
and LoginControlle. Actions are considered the same now and "confirm
+ GET" is old "confirm" and "confirm + POST" is "old aknowlegde".
* Added some HOWTOs, general documentation update.
* Added "permissions" derivation of "minicms" to demonstrate the
usage of permissions.
* Moving User::STATES to User.states (constant => method) so it can
be overridden easier.

Future Plans

"Rails Engines" is striving for world domination and ActiveRBAC will
join this project's course :) We will soon convert ActiveRBAC into an
Engine and thus make using and customizing it easier.

We want to make the system useable in a multilangual environment.
Thus we will incorporate i18n and l10n (fuzzy buzzwords - but still!)
into it.

We will also add caching and improve the ARBAC's performance in a
future release.


Manuel Holtgrewe
This topic is locked and can not be replied to.