Agile Web Development

Build it. Launch it. Love it.

Links

ACL System

Categories

Ready-made Rails code

ACL System

Welcome to the acl_system plugin for rails. This plugin is designed to give you a flexible declarative way of protecting your various controller actions using roles. It’s made to sit on top of any authentication framework that follows a few conventions. You will need to have a current_user method that returns the currently logged in user. And you will need to make your User or Account model(or whatever you named it) have a has_and_belongs_to_many :roles. So you need a model called Role that has a title attribute. Once these two things are satisfied you can use this plugin.

Vitals

Repository http://opensvn.csie.org/ezra/rails/plugins/dev/acl_system2/
License Rails' (MIT)
Tags Tag_red access acl control ldap lop rbac role roles security title
Rating (69 votes)
Owner Ezra Zygmuntowicz
Created 26 May 2006

Comments

  • Avatar
    John
    26 June 2007

    I had to add/modify this line in the method restrict_to:

    Is there a reason the plugin uses a symbol :false, rather than false?

  • Avatar
    joël AZEMAR
    18 September 2007

    thanks a lot for this precious comment. you must do with restful_authentication for this work as well

  • Avatar
    Sohail Ahmed
    12 October 2007

    The read me say one must have a "has_and_belongs_to_many :roles". My model only assigns one Role and so I have a simple "belongs_to :roles". Can I fake out the "many" roles by just adding a cover method of roles to my User model, or is there some more fundamental reason it has to be a true many-to-many underneath?

  • Avatar
    Harm
    2 January 2008

    This looks a lot like: http://code.google.com/p/rolerequirement/ The main difference I think is the way how the access control is really defined in the controllers. And rolerequirement does this in a more 'rails' kind of way. But perhaps I'm missing some things.

  • Avatar
    Kevin Triplett
    30 March 2008

    Yes -- because Rick Olson's authenticated_system uses the symbol :false so that it's readily apparent that the system has already checked for a current user (the uninitialized current user variable is nil which evaluates as false). If current user is :false, then the system knows not to query the database for a current user again.

Add a comment