Forum: Ruby on Rails Current state of login/authentication engines?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
F3dc06f587d1ff4c7366b102bfda9204?d=identicon&s=25 David Mitchell (Guest)
on 2006-01-12 06:37
(Received via mailing list)
Hello list,

I'm trying to get my head around the current state of the various
login/authentication engines, and can't get a clear view of what the
available options are, how stable/robust they are, and what are the
pros/cons/capabilities of each.

The specific problem I'm trying to solve is this: I've got a bunch of
users, who will need to be authenticated and assigned roles (e.g.
Administrator, User, ...) and only for specific parts of the system
(e.g. AccountsPayable, AccountsReceivable, GeneralLedger).  No, I'm
not making an accounting system, but this is the simplest analogy I
could think of to describe the login/authentication I need.

A user may be an Administrator for AccountsPayable, but have no rights
whatsoever for GeneralLedger.  In other words, I need to be able to
restrict their access not only on a role basis, but also on a "which
part of the system" basis.  I don't want to mix the two and create
roles such as GeneralLedgerAdministrator, because that doesn''t give
me the scalability and flexibility I know I'm going to need later on.

Is there a login/authentication engine that I can just drop in to do
this (unlikely), or is there one that could be tweaked to provide this
functionality relatively easily?

Thanks in advance for any assistance

Dave M.
C8a634a01a2c4508360874bff7fb1a7f?d=identicon&s=25 Kevin Olbrich (olbrich)
on 2006-01-12 06:53
David Mitchell wrote:

Of all the login/user systems out there the login_engine / user_engine
system is the closest to what you need.  It can restrict access to
specific controller/action pairs based on roles, which sounds pretty
close to what you want.

It does not offer any support for checking permissions for specific
records, however, so if you need that you will have to do some checking
yourself.

_Kevin
This topic is locked and can not be replied to.