Forum: Ruby on Rails Fine grained access control

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
337cdd270761e0e6f4356de45b04d388?d=identicon&s=25 Jonathan Viney (jonny)
on 2006-02-14 13:33
Hi,

I'm building an application which is going to require quite fine grained
access control. Deciding if a user is allowed to access an action will
probably require checking quite number of different rules, so a simple
role-based system won't be flexible enough.

The approach I think I will try first is, if it's possible, to ignore
permission issues inside the actions. I think this may be achievable by
using quite a complicated before_filter to decide if the current user is
allowed to execute this action with the given parameters.

Anyway, if anyone could lend a bit of their experience, or possibly even
better, recommend some resources which cover building larger permissions
systems (books, articles etc...) I'd be very grateful.

Thanks, Jonathan.
F59329dc91cba06600ff65c85fd3e93c?d=identicon&s=25 AC Green (Guest)
on 2006-02-14 14:59
> Anyway, if anyone could recommend some resources which cover building larger permissions 
systems (books, articles etc...) I'd be very grateful.

Ditto.

I discovered what we are talking about is known as RBAC : Role-Based
Access Control.  There are several discussion at Sitepoint on the topic.

Regards

Tony Green
4005a47a8f2ceee49670b920593c1d52?d=identicon&s=25 Ben Munat (Guest)
on 2006-02-15 04:26
(Received via mailing list)
AC Green wrote:
> Tony Green
>
Bruce Perens wrote a RBAC called ModelSecurity. It's available as a gem:

gem install model_security

Here's the site:

http://perens.com/FreeSoftware/ModelSecurity/Tutorial.html

b
4005a47a8f2ceee49670b920593c1d52?d=identicon&s=25 Ben Munat (Guest)
on 2006-02-15 04:29
(Received via mailing list)
Ack... a bit tired... that should be "gem install
model_security_generator".
Eb96620826312516bb4a2d6deeee6688?d=identicon&s=25 Jean-Christophe Michel (Guest)
on 2006-02-16 14:51
(Received via mailing list)
AC Green a écrit :
>>Anyway, if anyone could recommend some resources which cover building larger permissions 
systems (books, articles etc...) I'd be very grateful.
>
> I discovered what we are talking about is known as RBAC : Role-Based
> Access Control.  There are several discussion at Sitepoint on the topic.

See https://activerbac.turingstudio.com/
It implements RBAC for rails.
This topic is locked and can not be replied to.