devise and declarative_authorization
44 views
Skip to first unread message
Edward Rudd
Jan 31, 2012, 3:05:48 PM1/31/12
to declarative_authorization
This topic has been brought up several times on the list, and the
previous attempts I made to solve the issue (by putting weird rules in
the :guest role) never worked quite right, and usually ended up
opening HUGE security holes (like an anonymous user being able to
reset anybodies password),
So, I present the "devise monkey patch"
https://gist.github.com/1712576
Now this patch is against devise 1.3.4 (which is what we are using in
one rails 3.0 app), but can probably easily be adapted to newer
versions (probably with little change at all). I tried to ensure it
was as simple as possible.
previous attempts I made to solve the issue (by putting weird rules in
the :guest role) never worked quite right, and usually ended up
opening HUGE security holes (like an anonymous user being able to
reset anybodies password),
So, I present the "devise monkey patch"
https://gist.github.com/1712576
Now this patch is against devise 1.3.4 (which is what we are using in
one rails 3.0 app), but can probably easily be adapted to newer
versions (probably with little change at all). I tried to ensure it
was as simple as possible.
Reply all
Reply to author
Forward
0 new messages