Several of my models I want to password protect, so that only an admin
can enter/destroy data. Is there an easy way to accomplish this by
password protecting controllers?
Sure, have a look to the login generator (gem install login_generator)
-, then script/generate
It’s very easy to use.
Christophe G. wrote:
Sure, have a look to the login generator (gem install login_generator)
-, then script/generateIt’s very easy to use.
I tried that out, however it is exposed itself, allowing anyone to
register and therefore be an admin (if I use it that way).
What I’m trying to figure out is how to build in logic so that all the
CRUD methods are gated.
You can remove signup logic in controller.
You must see the login_generator as a tool to produce a skekelton with
basic functionnalities, but it’s very clean and can easily tailored to
suit your needs.
I’m pretty happy with the login_engine/user_engine combo. LoginEngine
provides the basic signup, login and password recovery functions and
UserEngine adds simple role-based access control that you can tune down
to single actions. My baseline user privileges are pretty much identical
to a guest’s. Only those who have explicitly been assigned other roles
have any privileges on protected controllers.
Shut off new-account signup entirely – or restrict it to admins – and
you should be all set if that’s what you want.
Arch S. wrote:
Christophe G. wrote:
Sure, have a look to the login generator (gem install login_generator)
-, then script/generateIt’s very easy to use.
I tried that out, however it is exposed itself, allowing anyone to
register and therefore be an admin (if I use it that way).What I’m trying to figure out is how to build in logic so that all the
CRUD methods are gated.
Steve K. wrote:
I’m pretty happy with the login_engine/user_engine combo. LoginEngine
provides the basic signup, login and password recovery functions and
UserEngine adds simple role-based access control that you can tune down
to single actions. My baseline user privileges are pretty much identical
to a guest’s. Only those who have explicitly been assigned other roles
have any privileges on protected controllers.Shut off new-account signup entirely – or restrict it to admins – and
you should be all set if that’s what you want.
I cannot find the user_engine gem. I wanted to look at some
documentation before installing.
Anyone have a link?
Thanks.