Is there a way to use either Ruby or Rail's self reflection to return
a list of actions a given controller can respond to?
I found the "methods" method, but it appears to return everything,
including all of the super class methods. I want just the actions a
given controller has defined. I am trying to implement a Roles Based
Access framework and want to have dynamic links based upon what a user
can do. It would be nice if the controllers can tell me what is
possible, and then remove those things the user isn't allowed to do.
Everton,
I wasn't sure I understood your question.
What I'm trying to do is implement a Role Based Access Control (RBAC)
framework.
Basically, a user gets assigned one or more Roles. A Role has a
collection of Rights. A Right is a Controller and Action within in
the applicatoin.
If a user has a given right, the authenticator will allow a redirect
to that Controller and Action.
In the administration section of the application, where Rights are
defined and assigned to Roles, I wanted to provide a drop down list of
all the possible Rights to select from. Ideally, the application
itself should be able to tell me what Controllers and Actions it
provides via self reflection.
This would have been a snap in Smalltalk, but I can't seem to get
something that works in Ruby/Rails.
If one does something like
allowedControllers = ApplicationController.subclasses
you only get the controller that was in context (presumably because
the subclasses method uses ObjectSpace), and its only a string, not
the actual class.
Therefore, I can't loop through the collection and do something like
allowedActions = aController.action_methods
Therefore, i'm a bit frustrated and looking for those wiser than I to
clue me in.
I have done the same thing that are you speaking about, but
controllers/actions was created on a migration. I think that this
should be moved to a rake task too.
I think that engines like User Engine have problems for me, and so, i
create RBAC system myself. On my system, i have more than just
controller/action or “permissions” models, i have tools_categories
that group actions behind some “tool”. Each permission is maded by
relationships between tools_categories and roles through functions
(where functions is just C-R-U-D at now). The system “introspect”
function of each action based on his name (ugly, but works). When you
specify a permission you just say that some role have access to create
and read, but not update or delete on a specific tool. This is very
simple to use and configure and works fine for me.
To help me, i just add some useful methods to user model, like
canCreate?(action) or canUpdate?(action) and i just overwrite
link_to*** helpers to return “” if user has no access to relative
access.
Note: actions like ‘‘new’’ should be classified as C (create), so links
for new never will appear if the role has no permissions to create.
This give more freedom to write my code, without many IFs on all
views…
I can give you all this code, but it’s in portuguese until now, .
I will translate all and move to engine in a few days. If you want to
help me, i will be grateful.
My approach was so non-intrusive, that all application was created before AC, and so i do the AC system and restrict all data under the system on a complex scope restriction, without any change on code that was made before the system.
Some practices on this system could be “questionable” (abusive use of with_scope, link_to*** that return blank string obviously generate some invalid or ugly html (tables and lists with blank tds/items, etc)), but the clean code and very fast work done pay this price.
.
I will translate all and move to engine in a few days. If you want to
help me, i will be grateful.