stackoom
  简体   繁体   中英

Authorization model for Ruby on Rails

 原文  2009-12-17 15:27:45       ruby-on-rails/ ruby/ authentication/ authorization

Question

I am building a project management app and I am not sure which is the best/correct authorization model to implement given I am new to Rails (and programming in general). Here is what I am trying to do.

I want to be able to add a "client" to the application and then multiple projects to a client. I would like to be able to add users (that are essentially representatives of the client) to view that clients multiple projects but not other clients. I intend on having controllers for time tracking, notes, comments and images all to be associated with both clients and project of that client.

In addition, I would like to set up the account to control who is able to have one. I don't need the user to establish an account on their own.

Does that make sense?

6 answers

solution1
 4 ACCPTED  2009-12-17 15:38:29

I believe what you are mentioning is called Authorization not Authentication, anyway:

I would suggest acl9 for authorization and authlogic for authentication.

solution2
 3  2009-12-17 15:36:35

These (free) Railscasts should give you some food for thought. There are lots of great RubyGems/plugins out there for this sort of thing.

solution3
 2  2009-12-17 21:36:32

The Ruby Toolbox gives you an overview of tools and their popularity in the rails community (rated by watchers and forkers on GitHub). As you can see there, the suggested plugins restful_authentication and authlogic are almost on the same level.

solution4
 1  2009-12-17 15:40:06

Restful身份验证仍然是Rails上用户身份验证的黄金标准。

solution5
 1  2009-12-17 23:23:42

I have used Authorization plug-in in the past and like it because it gives some nice meta methods such as: 

  user.is_eligible_for_what   --> returns array of authorizable objects for which user has role "eligible"
  user.is_moderator_of? group --> returns true/false
  user.is_moderator_of group  --> sets user to have role "moderator" for object group.
  user.is_administrator       --> sets user to have role "administrator" not really tied to any object.

There's also a brand new RailsCast on CanCan .

solution6
 0  2009-12-18 16:22:23

I'd use AuthLogic for authentication (logging in users and making sure they are who they claim to be) and declarative_authorization for authorization (making sure they have access to resources). See Ryan Bates' excellent Railscasts on AuthLogic and restful_authentication for more info.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Ruby on Rails :Creating Migration Script for Authorization with Role Model Admin authorization in Ruby on Rails authorization crud ruby on rails ruby on rails tutorial authorization How to make Ruby on Rails authorization? Update Authorization (Ruby on Rails Tutorial) Ruby on Rails, bcrypt and iOS authorization Model-level authorization in Rails Ruby rails model attribute Ruby on rails: Model Form
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM