Plugins - ACL System
Welcome to the acl_system plugin for Rails. This plugin is designed to give you a flexible, declarative way of protecting your controller actions using roles. It is made to sit on top of any authentication framework that follows a few conventions. You will need a current_user method that returns the currently logged-in user, and your User or Account model (or whatever you named it) must declare has_and_belongs_to_many :roles. That in turn requires a model called Role that has a title attribute. Once these two conditions are satisfied, you can use this plugin.


Yes -- because Rick Olson's authenticated_system uses the symbol :false so that it's readily apparent that the system has already checked for a current user (the uninitialized current user variable is nil which evaluates as false). If current user is :false, then the system knows not to query the database for a current user again.
This looks a lot like: http://code.google.com/p/rolerequirement/ The main difference, I think, is how the access control is really defined in the controllers. And rolerequirement does this in a more 'rails' kind of way. But perhaps I'm missing some things.
The readme says one must have a "has_and_belongs_to_many :roles". My model only assigns one Role and so I have a simple "belongs_to :roles". Can I fake out the "many" roles by just adding a cover method of roles to my User model, or is there some more fundamental reason it has to be a true many-to-many underneath?
Thanks a lot for this precious comment. You must do with restful_authentication for this to work as well.
I had to add/modify this line in the method restrict_to:
return false if (current_user.nil? || current_user == false || current_user == :false)
Is there a reason the plugin uses a symbol :false, rather than false?
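
The :false sentinel discussed in the comments above matters for authorization because every Symbol is truthy in Ruby, so a bare `if current_user` test treats a signed-out visitor as a user. The following is an added example, not the plugin's own code: Role, User, signed_in?, naive_signed_in? and role_allowed? are hypothetical stand-ins for the conventions the page describes (current_user, user.roles, role.title), and it runs without Rails.

```ruby
# Added illustration; not code from the acl_system plugin.
# Role and User are stand-ins for the models the plugin expects:
# a user responds to #roles, and each role has a #title.
Role = Struct.new(:title)

class User
  attr_reader :roles

  def initialize(*titles)
    @roles = titles.map { |t| Role.new(t) }
  end
end

# Values an authentication layer may use for "nobody is logged in".
# nil and false are falsy, but :false is a Symbol and therefore truthy.
SIGNED_OUT = [nil, false, :false].freeze

# Truthiness alone: wrongly reports the :false sentinel as signed in.
def naive_signed_in?(current_user)
  current_user ? true : false
end

# Explicit comparison against every signed-out value, as in the guard
# posted in the comments, plus a check that the object exposes #roles.
def signed_in?(current_user)
  !SIGNED_OUT.include?(current_user) && current_user.respond_to?(:roles)
end

# Deny by default: only a signed-in user holding at least one of the
# allowed role titles passes.
def role_allowed?(current_user, *allowed_titles)
  return false unless signed_in?(current_user)

  titles = current_user.roles.map(&:title)
  allowed_titles.any? { |t| titles.include?(t) }
end

# Constructed sample data.
admin  = User.new("admin")
member = User.new("user")

puts "naive check on :false -> #{naive_signed_in?(:false)}"
puts "strict check on :false -> #{signed_in?(:false)}"
puts "admin allowed 'admin' -> #{role_allowed?(admin, 'admin')}"
puts "member allowed 'admin' -> #{role_allowed?(member, 'admin')}"
puts ":false allowed 'admin' -> #{role_allowed?(:false, 'admin')}"
```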