Friends-
Here is another plugin hot off the presses of the three-day
weekend. It's a role-based authorization system. I have been talking
with Bill K. about this system, so it ties in with his recent
announcement as well. It's just my implementation.
It's an ACL/role-type system that can sit on top of the
acts_as_authenticated login system or any login system that
implements a few requirements. You just need a roles table in
your db that habtm your User or account model, and you need a
controller method 'current_user' that returns the currently logged-in
user. The acts_as_authenticated plugin already implements this, and
it is what this implementation is built on top of, but the plugin can be
used with any user authentication system that has the two features
mentioned above.
Let's see the candy here first. This is what it looks like to use this
to protect your controller actions, using roles and the & | ! operators to
define complex permissions.
class PostController < ApplicationController
  before_filter :login_required, :except => [:list, :index]
  access_control([:new, :create]    => '(admin | user | moderator) & !blacklist',
                 [:update, :delete] => '(admin | moderator) & !blacklist',
                 :approve           => 'admin & (!moderator | !blacklist)')

  # rest of controller actions
end
And then we have a controller/view helper that can be used to build
conditional menus and such:
<% if permit?('(admin | moderator) & !blacklist', current_user) %>
  <%= link_to 'Admin & Moderator only link', :action => 'foo' %>
<% end %>
In the permissions logic strings you can use as many nested parens
and logic as you want to define what roles have permissions to access
which action. The plugin contains a small recursive descent parser to
parse the permissions logic strings. If you want application wide
protection for certain actions then you can put this in the
application.rb. The one thing to remember is to put the
access_control macro after the login_required before filter. This
plugin is for authorization and assumes that the user is already
logged in.
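To show what the recursive descent parser behind those permission strings has to do, here is an added example (my own illustration, not the acl_system plugin's code): a small parser that turns a string such as '(admin | user | moderator) & !blacklist' into a tree, plus an evaluator and a permit? function in the spirit of the helper above. The grammar and operator precedence (! binds tightest, then &, then |) are my assumptions; the Role and User structs are constructed stand-ins for the habtm models, and a user is any object whose roles respond to name.

```ruby
# Added example, not the plugin's own code. Assumed grammar:
#   expr   := term ('|' term)*
#   term   := factor ('&' factor)*
#   factor := '!' factor | '(' expr ')' | ROLE
class PermissionParser
  def initialize(source)
    @tokens = tokenize(source)
    @pos = 0
  end

  # Returns a nested-array AST, e.g.
  # [:and, [:or, "admin", "user"], [:not, "blacklist"]]
  def parse
    ast = parse_or
    # Anything left over means the string was malformed; refuse it rather
    # than silently granting or denying on a partial expression.
    raise ArgumentError, "unexpected token #{peek.inspect}" unless peek.nil?
    ast
  end

  private

  # Split into role names and single-character operators; reject anything else.
  def tokenize(src)
    src.scan(/[A-Za-z_]\w*|\S/).map do |tok|
      unless tok =~ /\A(?:[A-Za-z_]\w*|[&|!()])\z/
        raise ArgumentError, "illegal character #{tok.inspect}"
      end
      tok
    end
  end

  def peek
    @tokens[@pos]
  end

  def advance
    tok = @tokens[@pos]
    @pos += 1
    tok
  end

  def expect(tok)
    raise ArgumentError, "expected #{tok.inspect}, got #{peek.inspect}" unless peek == tok
    advance
  end

  def parse_or
    left = parse_and
    while peek == "|"
      advance
      left = [:or, left, parse_and]
    end
    left
  end

  def parse_and
    left = parse_not
    while peek == "&"
      advance
      left = [:and, left, parse_not]
    end
    left
  end

  def parse_not
    case peek
    when "!"
      advance
      [:not, parse_not]
    when "("
      advance
      inner = parse_or
      expect(")")
      inner
    when nil, "&", "|", ")"
      raise ArgumentError, "expected a role name, got #{peek.inspect}"
    else
      advance # a role name
    end
  end
end

# Evaluate an AST against the array of role names a user holds.
def evaluate(ast, roles)
  return roles.include?(ast) if ast.is_a?(String)
  op, a, b = ast
  case op
  when :not then !evaluate(a, roles)
  when :and then evaluate(a, roles) && evaluate(b, roles)
  when :or  then evaluate(a, roles) || evaluate(b, roles)
  end
end

# Same shape as the post's permit? helper: true when the user's roles
# satisfy the logic string. Role names must match exactly.
def permit?(logic, user)
  evaluate(PermissionParser.new(logic).parse, user.roles.map { |r| r.name.to_s })
end

# Constructed stand-ins for the Role and User models.
Role = Struct.new(:name)
User = Struct.new(:roles)

if __FILE__ == $0
  alice = User.new([Role.new("admin"), Role.new("moderator")])
  bob   = User.new([Role.new("user"), Role.new("blacklist")])
  puts permit?("(admin | user | moderator) & !blacklist", alice) # true
  puts permit?("(admin | user | moderator) & !blacklist", bob)   # false
end
```

Parsing the string up front, at class-load time when access_control runs, is the check worth keeping: a typo such as an unbalanced paren then fails loudly instead of turning into a permission rule that quietly grants or denies nobody.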
Here is a link to the announcement on my blog where I go into more
detail about how to use this in your applications:
http://brainspl.at/articles/2006/02/20/new-plugin-acl_system
The main goal of this implementation is to be lightweight and as
non-imposing as possible. It does what it does and gets out of your way.
Right now it only works for protecting your controller actions. I am
working on the next version that has a similar protection scheme for
protecting specific model records with similar permissions
flexibility. I will release this part very soon.
I appreciate any feedback that anyone has about this system. It
works well for me in the app that I built it for and I am eager to
get more feedback to further improve things. You can get it from svn
here:
http://opensvn.csie.org/ezra/rails/plugins/dev/acl_system/
OR
script/plugin install http://opensvn.csie.org/ezra/rails/plugins/dev/acl_system/
Cheers-
-Ezra Z.
Yakima Herald-Republic
WebMaster
509-577-7732
[email protected]