Forum: Ruby on Rails How to Password Protect a Controller

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
A111108ed3617edc35da89e84689c3c2?d=identicon&s=25 Arch Stanton (d6veteran)
on 2006-03-30 07:46
Several of my models I want to password protect, so that only an admin
can enter/destroy data.  Is there an easy way to accomplish this by
password protecting controllers?
9c0eebc506c56c64dc616cdf123fa671?d=identicon&s=25 Chris Chris (aboulafia)
on 2006-03-30 08:36
Sure, have a look to the login generator (gem install login_generator)
-, then script/generate

It's very easy to use.
A111108ed3617edc35da89e84689c3c2?d=identicon&s=25 Arch Stanton (d6veteran)
on 2006-03-31 09:16
Christophe Gimenez wrote:
> Sure, have a look to the login generator (gem install login_generator)
> -, then script/generate
>
> It's very easy to use.

I tried that out, however it is exposed itself, allowing anyone to
register and therefore be an admin (if I use it that way).

What I'm trying to figure out is how to build in logic so that all the
CRUD methods are gated.
9c0eebc506c56c64dc616cdf123fa671?d=identicon&s=25 Chris Chris (aboulafia)
on 2006-03-31 12:45
You can remove signup logic in controller.
You must see the login_generator as a tool to produce a skekelton with
basic functionnalities, but it's very clean and can easily tailored to
suit your needs.
34f5b045aec62235c17458650ea75353?d=identicon&s=25 Steve Koppelman (hatless)
on 2006-03-31 13:20
I'm pretty happy with the login_engine/user_engine combo. LoginEngine
provides the basic signup, login and password recovery functions and
UserEngine adds simple role-based access control that you can tune down
to single actions. My baseline user privileges are pretty much identical
to a guest's. Only those who have explicitly been assigned other roles
have any privileges on protected controllers.

Shut off new-account signup entirely -- or restrict it to admins -- and
you should be all set if that's what you want.

Arch Stanton wrote:
> Christophe Gimenez wrote:
>> Sure, have a look to the login generator (gem install login_generator)
>> -, then script/generate
>>
>> It's very easy to use.
>
> I tried that out, however it is exposed itself, allowing anyone to
> register and therefore be an admin (if I use it that way).
>
> What I'm trying to figure out is how to build in logic so that all the
> CRUD methods are gated.
A111108ed3617edc35da89e84689c3c2?d=identicon&s=25 Arch Stanton (d6veteran)
on 2006-03-31 18:52
Steve Koppelman wrote:
> I'm pretty happy with the login_engine/user_engine combo. LoginEngine
> provides the basic signup, login and password recovery functions and
> UserEngine adds simple role-based access control that you can tune down
> to single actions. My baseline user privileges are pretty much identical
> to a guest's. Only those who have explicitly been assigned other roles
> have any privileges on protected controllers.
>
> Shut off new-account signup entirely -- or restrict it to admins -- and
> you should be all set if that's what you want.
>


I cannot find the user_engine gem.  I wanted to look at some
documentation before installing.

Anyone have a link?

Thanks.
9c0eebc506c56c64dc616cdf123fa671?d=identicon&s=25 Chris Chris (aboulafia)
on 2006-03-31 23:36
Have a look here : http://rails-engines.org/
This topic is locked and can not be replied to.