Today I was writing an authentication filter for my controllers that needed some parameters. This is what I did:
def self.verify_permission(permission, options={})
  before_filter { |controller| controller.verify_permission(permission, options) }
end

def verify_permission(permission, options)
  # actual authentication code goes here
end
Hi Eloy, thank you for your suggestion, but I don't think it would satisfy my needs...
In my case, a user has a role that can be attached to some conditions. For instance, the user 'manager' has a role 'institution_admin' only for institution 'manager_institution'...
But anyway, that was just an example. I was really curious about filters supporting parameters directly.
> Hi Eloy, thank you for your suggestion, but I don't think it would
> satisfy my needs...
> In my case, a user has a role that can be attached to some conditions.
> For instance, the user 'manager' has a role 'institution_admin' only for
> institution 'manager_institution'...
I don't completely follow the explanation of the example, but that would probably be easy with authorization-san. It already supports the idea of 'role' on an object.
In all the projects we have used it, we haven't found one scenario that we couldn't solve.
class InstitutionsController < ActionController::Base
  allow_access :institution_admin do
    # perform any checks and return truthy or falsy value
  end
end
> But anyway, that was just an example. I was really curious about filters
> supporting parameters directly.
I'm not sure there is any reason to, since like I said we have been able to solve all situations we've come across.
Besides that, I'm not sure that I find the examples you gave of how it would look to be readable/understandable. Maybe it's the example, maybe it's me…
I still can't figure out what the complete use case would be with authorization-san.
Let me put the examples in more detail. In my project, users have roles, which have permissions, as usual.
But some roles are attached to some condition. In a role 'institution_admin', a user should be attached to some specific existing institution.
But if a user belongs to 'system_admin' role, for instance, it shouldn't be attached to any conditions.
I have in User:
has_many :roles, :through => :assignments
And in Assignment, there are 'user_id', 'role_id' and an integer 'condition' that could be null. The roles are fixed and I check that condition is filled in correctly depending on the role.
There is a hash that maps the expected condition class to each role.
If you think I could do the same with authorization-san, I would be glad to see a more in-depth example.
# Opening line missing from the post; User model assumed from the methods below.
class User < ActiveRecord::Base
  def institution_admin?
    roles.any? { |r| r.label == 'institution_admin' }
  end

  def system_admin?
    roles.any? { |r| r.label == 'system_admin' }
  end
end

class InstitutionController < ApplicationController
  allow_access(:system_admin)
  allow_access(:institution_admin) do
    @authenticated.institution == @institution
  end

  # Load @institution ahead of other filters so the rule above can compare against it.
  prepend_before_filter :find_institution

  private

  def find_institution
    @institution = Institution.find(params[:id])
  end
end
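The scoped-role check discussed in this thread, as an added example in plain Ruby that is not code from any of the posters or from authorization-san. The Struct models, the contents of `CONDITION_CLASS`, and the names `role_for?` and `may_manage?` are assumptions; the point is that a scoped role with a missing or mismatched condition is denied rather than treated as global.

```ruby
# Added example: plain Ruby stand-ins for the models described in the thread.
Role        = Struct.new(:label)
Institution = Struct.new(:id)
# An assignment links a user to a role; `condition` is the id of the record
# the role is scoped to, or nil for unscoped roles.
Assignment  = Struct.new(:role, :condition)

# Maps each role to the class its condition must reference (nil = no condition).
# The thread mentions such a hash; these contents are assumed.
CONDITION_CLASS = {
  'system_admin'      => nil,
  'institution_admin' => Institution
}.freeze

class User
  attr_reader :assignments

  def initialize(assignments)
    @assignments = assignments
  end

  # True only when the user holds `label` and, for scoped roles, the
  # assignment's condition matches the resource being accessed.
  def role_for?(label, resource = nil)
    return false unless CONDITION_CLASS.key?(label) # unknown role: deny
    scope = CONDITION_CLASS[label]
    assignments.any? do |a|
      next false unless a.role.label == label
      if scope.nil?
        a.condition.nil? # an unscoped role must carry no condition
      else
        # Scoped role: deny when condition or resource is missing or mismatched.
        !a.condition.nil? && resource.is_a?(scope) && a.condition == resource.id
      end
    end
  end
end

# Controller-style decision: system admins pass, institution admins only
# for the institution their assignment names.
def may_manage?(user, institution)
  user.role_for?('system_admin') || user.role_for?('institution_admin', institution)
end

# Constructed sample data.
MANAGER = User.new([Assignment.new(Role.new('institution_admin'), 1)])
ROOT    = User.new([Assignment.new(Role.new('system_admin'), nil)])
```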
Can you restart this discussion on the Rails Talk list and CC Eloy and
me? This list is meant for discussing Rails core development.