Role Based Authentication

Hi All,

I want to authorize user according to role he has. I found some rails


Has anybody used them (how was it), or can anyone provide a little info (hints)
on how to go about role based authentication?
I'll appreciate it if anyone helps me with this.


What I do?

I add new column in the Users table, and call it "status" which has
different enum('user', 'moderator', 'admin')

Then in my controller, I would use:

before_filter :is_admin, :only => %w(this_method)



Thanks Jamal that was nice input.


  I am facing another problem: I am not able to install the above
mentioned plugins, as I have to
evaluate them and finally conclude how to go about this.

  Has anyone successfully implemented anything recently using those
plugins? i.e..



You could do something like

def check_authentication
  unless session[:user]
    redirect_to :controller => "login", :action => "signin_form"
    return false # older Rails halts the filter chain only when a filter returns false
  end
end

# The authorization check uses the ruby detect function to great
# effect. Assumes each user has multiple roles and each of these roles
# can be assigned to multiple rights. Rights are defined as a controller-
# action combination and stored in the database in tables roles and

def check_authorization
  user = User.find(session[:user])
  # The inner detect was missing from the post; role.rights is assumed
  # from the roles-to-rights description above.
  unless user.roles.detect{|role|
    role.rights.detect{|right|
      right.action == action_name && right.controller == controller_name
    }
  }
    flash[:notice] = "You are not authorized to access Controller: " +
      controller_name + " Action: " + action_name
    session[:prev_controller] = "error" unless session[:prev_controller]
    session[:prev_action] = "no_access" unless session[:prev_action]
    # Send the user back to the last page they were allowed to see.
    redirect_to :controller => session[:prev_controller], :action => session[:prev_action]
    return false
  end
  # Authorized: remember this page as the fallback for a later denial.
  session[:prev_controller] = controller_name
  session[:prev_action] = action_name
end

This works out for me. Wherever you want this checked add

before_filter :check_authentication, :check_authorization
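
The role-to-rights check described in the post above, as an added example that is not part of the original post and not code from any of the plugins mentioned. It runs without Rails; `Right`, `Role`, `User`, `USERS` and `gate` are hypothetical names and the data is constructed.

```ruby
# Added illustration; all names and data here are hypothetical/constructed.
Right = Struct.new(:controller, :action)
Role  = Struct.new(:name, :rights)
User  = Struct.new(:id, :roles)

# Constructed sample data: a moderator who may list and edit posts,
# and a second user who holds no roles at all.
MODERATOR = Role.new("moderator", [Right.new("posts", "index"),
                                   Right.new("posts", "edit")])
USERS = { 1 => User.new(1, [MODERATOR]), 2 => User.new(2, []) }

# Same nested lookup as check_authorization: some role must hold a right
# matching this exact controller/action pair. Anything unlisted is denied.
def authorized?(user, controller, action)
  user.roles.any? do |role|
    role.rights.any? { |r| r.controller == controller && r.action == action }
  end
end

# Models the filter chain: authentication runs first and halts the chain,
# so the authorization step never sees a missing or stale session user.
def gate(session, controller, action)
  user = USERS[session[:user]]   # nil for an empty session or a deleted user
  return :redirect_to_login unless user
  return :denied unless authorized?(user, controller, action)
  :allowed
end

if __FILE__ == $0
  [[{ :user => 1 }, "posts", "edit"],
   [{ :user => 1 }, "posts", "destroy"],
   [{ :user => 2 }, "posts", "index"],
   [{ :user => 99 }, "posts", "index"],
   [{}, "posts", "index"]].each do |session, controller, action|
    puts "#{session.inspect} #{controller}##{action} -> #{gate(session, controller, action)}"
  end
end
```

A session that points at a user id no longer in the store is treated as unauthenticated here; in the posted filter the equivalent `User.find` would raise instead.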


I use activeRBAC for a large project I'm currently working on. After
having had it in place for 6 months, it looks nothing like it did.
Great start and I like the Group/Role management interfaces and how it
reports on how many users are in each. If you are looking for an rbac,
it works great.

There is also a nice PDF doc for it that would give you some more
insight into it.
I like it, but it is a pretty large plugin, so you will likely modify
it, some of which is easily done through mixins and overriding the
views and controller functions.

Someone correct me if I'm wrong, but I don't think it is actively
developed anymore (I could not really update anyway.)

In short, I would recommend it.


Thanks Rajesh for help,

Well Fredrik

"but I don't think it is actively developed anymore (I could not really update anyway.)"

I tried to install it but in vain. Then I tried to access the
repository given on its
site through svn (radrails). I could get it, but how do I make it work?
The controllers and views had files, I ran the migration script, and the
models were also present.
But when I tried to access http://localhost:3000/active_arbac/login or
it didn't work. It complains of something not being initialized.

I have not used any plugins before. Any idea how to get it running?


I've been looking into Goldberg for this.

It looks like a powerful, flexible, and de-coupled solution for role
based authentication.

"Goldberg is essentially just a before_filter that checks to see
whether the user has the permissions to perform the incoming action.
This includes AJAX requests etc."

I'm curious if anyone reading this has any experience or comments
about that project.


Thanks all for replies.
Yesterday I tried goldberg and it fits my need so got over the
dilemma :).