Rails: Role and Permission creating — acts as role
A while ago (Nov. 2006) I was looking for a solution to Roles and Permissions for Ruby on Rails. One idea on the RoR site is to create an Access Control List (ACL), create a before filter and allow certain roles to certain actions. This seemed like a lot of extra work, especially if you have to do this to each controller. Plus you have to maintain it! I wanted something more dynamic–cooler. Plus, it places an unnecessary dependency between me and my code. I want to solve problems, not add/remove permissions.
Enter acts as role. Written with my friend Jon Morton, AAR allows for role/permission simplicity throughout a Rails application. We followed these guidelines when writing AAR. It had to:
- have model based security
- protect Controller actions
- be simple to code in the View
- hide items easily in the View
- be database driven, with no ACL list in the code
- allow multiple roles
- and handle permission conflict intelligently
Understanding Users/Roles/Permissions
AAR’s basic principle is that you should not give special permissions directly to the User. All permissions are given to a Role. If there is a snowflake** who needs X permission then I copy an existing Role and add the permission. This way if (or when) that user is gone the permissions are preserved.
Installation can be as simple as downloading the app, putting it in your vendor/plugins directory and adding “include ActsAsRole” at the top of your controllers/application.rb. Correction: there are models and relationships that need to be set up that I have not explained. I’ll work on updating the README to include this, and add some rake tasks to the plugin to create the models. See the DB Schema PDF to see the model associations.
EXAMPLE of using AAR:

    if has_access?(users_path)
      # do something…
    end

OR

    if has_access?(:controller => 'users', :action => 'index')
      # do something…
    end
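
The role-only principle and the controller/action check described above, as an added plain-Ruby sketch; this is not the acts_as_role plugin's code. The class names, the `copy_with` helper, the sample roles and the conflict rule (default deny, explicit deny overrides allow) are assumptions, since the post does not say how AAR resolves conflicts.

```ruby
require 'set'

# One permission names one controller action (hypothetical model, not AAR's schema).
Permission = Struct.new(:controller, :action)

class Role
  attr_reader :name, :allowed, :denied

  def initialize(name, allowed: [], denied: [])
    @name    = name
    @allowed = Set.new(allowed)
    @denied  = Set.new(denied)
  end

  # "Snowflake" handling: copy an existing role and add one permission,
  # so the grant lives on a role and outlasts the user who needed it.
  def copy_with(new_name, extra)
    Role.new(new_name, allowed: @allowed | [extra], denied: @denied)
  end
end

class User
  attr_reader :roles

  def initialize(*roles)
    @roles = roles
  end

  # Assumed conflict policy: nothing is allowed by default, and an explicit
  # deny on any of the user's roles overrides an allow from another role.
  def has_access?(controller:, action:)
    perm = Permission.new(controller.to_s, action.to_s)
    return false if roles.any? { |r| r.denied.include?(perm) }
    roles.any? { |r| r.allowed.include?(perm) }
  end
end

# Constructed sample data, not taken from the plugin.
USERS_INDEX  = Permission.new('users', 'index')
USERS_DELETE = Permission.new('users', 'destroy')
REPORTS_SHOW = Permission.new('reports', 'show')

STAFF      = Role.new('staff', allowed: [USERS_INDEX])
CONTRACTOR = Role.new('contractor', allowed: [REPORTS_SHOW], denied: [USERS_INDEX])
STAFF_PLUS = STAFF.copy_with('staff_plus_delete', USERS_DELETE)

puts User.new(STAFF_PLUS).has_access?(controller: :users, action: :destroy)
```

Because the user object never holds a permission itself, removing a user changes nothing about what any role grants.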
In Part 2, I’ll have a screencast and a test app.
Links:
git AAR
model schema diagram pdf
** Jon Bartels, fellow programmer who coined the edge cases as “snowflakes”…because everyone wants to be special and unique.
May 19th, 2009 at 11:38 am
um… where’s part 2?
May 21st, 2009 at 12:48 pm
WOW, I didn’t realize that I posted this in November ‘08!
I’ve been slowly working on a new way to configure the plugin so that it can scale. Right now the plugin is more designed for a larger site. It would be nice to have more options on where the roles/permissions get loaded from.
I would also like to reduce the dependency on RESTful Authentication by making it optional.