Agile Web Development

Build it. Launch it. Love it.

Authorization

Adds a flexible mechanism for authorization. Differs from other authorization systems in the following ways: (1) You can specify roles programmatically with model code or use a mixin to keep roles in a database. (2) The plugin uses a clean language for specifying authorization expressions. (3) Ability to handle roles on instances of a model. (4) Rights are explicitly declared in controller and view code. (5) Different levels of authorization complexity are provided through mixins available with the plugin. If you don�t want to use the database for authorization, you mixin a HardwiredRoles module. If you want full database support for roles on model instances, you mixin the ObjectRolesTable module.

Vitals

Home http://www.writertopia.com/developers/authorization
Repository http://github.com/DocSavage/rails-authorization-plugin
License Rails' (MIT)
Tags Tag_red acts_as_authenticated authentication authorization rbac RoleRequirement roles rubyonrails security test_driven
Rating (24 votes)
Owner Bill Katz
Created 18 May 2006

Comments

  • Sandeep
    7 September 2007

    Can we use this at controller level? Say , I have list of actions in a controller that only Admin can do, but this controller has no model as such.

  • Avatar
    7 February 2008

    this plugin is great, any chance it will be updated for rails 2? i'm getting when running autotest

    http://pastie.caboo.se/148454

  • Avatar
    Michael
    14 February 2008

    matt, you might want to log & post the method_id that is causing the infinite loop. it would contribute somewhat to identifying the problem.

  • Avatar
    16 February 2008

    Note that the repository has moved to git. I'm adding some muscle to the administration of the project, so submitted patches will hopefully be looked at and incorporated when useful.

Add a comment