Role Based Authentication

Hi All,

I want to authorize user according to role he has. I found some rails
plugins,

ActiveRBAC
ActiveACL

anybody has used them (how was it), or can provide little info (hints)
how to go about role based authentication.
I'll appreciate if anyone helps me with this.

Regards
Gaurav

What I do?

I add new column in the Users table, and call it "status" which has
different enum('user', 'moderator', 'admin')

Then in my controller, I would use:

before_filer :is_admin, :only => %w(this_method)

:slight_smile:

--

Thanks Jamal that was nice input.

Hi,

  I am facing another problem, I am not able to install above
mentioned plugins, as I have to
evaluate them and finally conclude how to go about this.

  Has anyone successfully implemented any thing recently using those
plugins? i.e..

  ActiveRBAC
  ActiveACL

Gaurav

You could do something like

def check_authentication
  unless session[:user]
  redirect_to :controller => "login", :action => "signin_form"
  return
  end
end

# The authorization check uses the ruby detect function to great
effect. Assumes each user has multiple roles and each of these roles
can be assigned to multiple rights. Rights are defined as a controller-
action combination and stored in the database in tables roles and
rights.

def check_authorization
  user = User.find(session[:user])
  unless user.roles.detect{|role|
    role.rights.detect{|right|
    right.action == action_name && right.controller == controller_name
    }
    }
    flash[:notice] = "You are not authorized to access Controller: " +
controller_name + " Action: " + action_name
    session[:prev_controller]="error" unless session[:prev_controller]
    session[:prev_action] ="no_access" unless session[:prev_action]
    redirect_to :controller => session[:prev_controller], :action =>
session[:prev_action]
    return
  end
  session[:prev_controller] = controller_name
  session[:prev_action] = action_name
end

This works out for me. Wherever you want this checked add
before_filter

before_filter :check_authentication, :check_authorization

Regards,
Rajesh

I use activeRBAC for a large project I'm currently working on. After
having had it in place for 6 months, it looks nothing like it did.
Great start and I like the Group/Role management interfaces and how it
reports on how many users are in each. If you are looking for an rbac,
it works great.

There is also a nice PDF doc for it that would give you some more
insight into it.
I like it, but it is a pretty large plugin, so you will likely modify
it which some of it is easily done through mixins and overriding the
views and controller functions.

Someone correct me if I'm wrong, but I don't think it is actively
developed anymore (I could not really update anyway.)

In short. I would recommend it.

Fredrik

Thanks Rajesh for help,

Well Fredrik

but I don't think it is actively developed anymore (I could not really update anyway.)

I tried to install it but in vane, then I tried to access the
repository given on its
site through svn (radrails) could get it but how to make it work.
The controllers,views had files and I ran the migration script and
models were also present.
But when I tried access http://localhost:3000/active_arbac/login or
http://localhost:3000/active_arbac/registration
it dint work.It complains of something not being initialized.

I have not used any plugins before how to get it running any idea.

Gaurav

I've been looking into Goldberg for this. http://goldberg.240gl.org

It looks like a powerful, flexible, and de-coupled solution for role
based authentication.

"Goldberg is essentially just a before_filter that checks to see
whether the user has the permissions to perform the incoming action.
This includes AJAX requests etc. "

I'm curious if anyone reading this has any experience or comments
about that project.

Hi,

Thanks all for replies.
Yesterday I tried goldberg and it fits my need so got over the
dilemma :).

Regards,
Guarav