@ Marnen - At the time when looking through Authentication Plugins
didn't get the impression most developers rather use different plugins
(other thena Restful_Auth) nowadays..
on the other hand - I didn't quite ask and tried to figure it all by
myself while feeling a "newbie" (till two days ago I think) so I think
now is a good time to ask and receive answers..
HJ - Thanks you! though currently using aasm, your description of how
to use state_machine plugin was very helpful to my basic
Now following also Marnen's remark (thanks again Marnen), I'm
wondering.. should I replace the plugins I'm using?
Restful_Authentication and AASM included?
Can you guys recommend me of plugins you find better and better-how?
(no offense to other plugins of course)? also, are they Rails 3
compatible (though currentl using InstantRails with Rails 2.3.5, but
considering to move to Rails 3 when it's s table version..)
I can share my solution, maybe you can find the corresponding methods
For example when you have an Article, you define a before_transition
within the state definition. The before_transition uses the method
is_authorized_for? to determine if the user is authorized for the
class Article < ActiveRecord::Base
state_machine :initial => :unpublished do
before_transition all => all do |article, transition|
event :publish do
transition :unpublished => :published
event :unpublish do
transition :published => :unpublished
# Method to check if user is authorized to do state transition
In your authorization_rules.rb you will have something like this:
role :admin do
has_permission_on [:articles], :to => [:publish, :unpublish]
When a authenticated user tries to alter the state of an unpublished
Article, the is_authorized_for? will only return true if the user has
the :admin role.
Hope this helps...