As I understand it, in Rails 2.0 it is easy to separate application
functionality for different roles, e.g. for admins:
map.namespace(:admin) do |admin|
  admin.resources :products,
    :collection => { :inventory => :get },
    :member => { :duplicate => :post },
    :has_many => [ :tags, :images, :variants ]
end
But there are also other ways, where user roles are checked in the
controllers, for example to grant or deny access to some parts of the
application.
----------
The question: are these two approaches conflicting? Are they meant for
the same purpose? Is there a more appropriate way? (Yeah, it depends on the
app, but anyway...)
I'm now using the restful_authentication plugin for basic login
functionality, but that doesn't have roles in place. It seems I could
use RESTful ACL to add roles, but I'm having problems with it and the
instructions available are really poor. Plus "ruby script/plugin install
http://restful-acl.googlecode.com/svn/tags/restful_acl" fails...
In summary, I have some resources and some of the actions belong to the
admin. But I think that just having two roles (admin and normal user)
would be too limited, so I want to choose something that I can extend
easily later on.
Any recommendations?
Good tutorials for Rails 2.0 on this area?
Thank you people.
--
Posted via http://www.ruby-forum.com/.
Using a namespaced admin controller is useful for displaying different
views to admin and regular users. Using RBAC alone, you can limit who
has access to certain areas of the site, and you can potentially
create different interfaces for admin and regular users, but then
they'll be using the same view template, which will be littered with
conditionals such as:
<% admin_content do %>
  <%= link_to('Delete user', ...) %>
<% end %>
and your controllers will need to return different results depending
upon the role of the currently logged in user, such as:
orders_controller.rb
def index
  if @user.is_admin?
    # admins see every order
    @orders = Order.find(:all, ...)
  else
    # regular users see only their own orders (has_many :orders on User)
    @orders = @user.orders
  end
end
I much prefer to use namespaced controllers which will then give me:
app/views/orders                            # public views
app/views/admin/orders                      # admin only views
app/controllers/orders_controller.rb        # public controller methods
app/controllers/admin/orders_controller.rb  # for admins only
This also leads to a clear distinction between admin areas and public
areas, which should help reduce the possibility of making a mistake in
regards to who has access to what.
And to install the restful_acl plugin, just check it out using svn
into your vendor directory:
svn co http://restful-acl.googlecode.com/svn/tags/restful_acl
or use piston and import it
Mike
I kind of like the namespaces more as well, and I see it quite clearly
when we have just normal users and admins.
But what if we have more role types? Say normal users (just view),
contributors (can view and edit), admins (can do anything).
Do we manage it with more namespaces, or do we end up having to use
namespaces, RBAC, and a mix of both? If we need a mix, then it might be
clearer to just use RBAC(?).
Thanks again.
Cheers.
I'd be interested to hear how others have implemented this. Did they
use more namespaces, or a combination? I think a namespaced
controller is good when there's a very clear distinction between the
different levels of access, such as between an admin and a regular
user, since the views and requirements of each will be quite
different. For the other roles, it's less clear, and this is where
it's probably good to use a combination approach.
Mike
On 2/29/08, comopasta Gr <rails-mai...@andreas-s.net> wrote:
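The "combination approach" from the replies above, as an added example that is not code from the thread, from restful_acl, or from Rails itself: a role-to-permission table covers the viewer / contributor / admin roles asked about, while the admin namespace stays a hard boundary that only the admin role can cross. The role names, the permission table, the `authorize!` helper, the `Order` records and the two stand-in controller actions are all constructed for illustration; `authorize!` only imitates the shape of a Rails 2.0 before_filter and does not use Rails. Plain Ruby, so it runs without a Rails application.

```ruby
# Standalone model of "namespaced admin controllers + RBAC" (added example,
# not the thread's or restful_acl's code). Roles, permissions, orders and the
# controller-like functions below are assumptions chosen for illustration.

require 'set'

# Role -> permitted public actions. Adding a role means adding a row here,
# not sprinkling more conditionals through views and controllers.
ROLE_PERMISSIONS = {
  :viewer      => Set[:index, :show],
  :contributor => Set[:index, :show, :new, :create, :edit, :update],
  :admin       => :all, # admins may do anything, including the admin namespace
}.freeze

# Controllers under app/controllers/admin/ are reachable only by :admin,
# regardless of what the permission table says for other roles.
ADMIN_NAMESPACE = 'admin'

User  = Struct.new(:login, :role)
Order = Struct.new(:id, :owner)

class AccessDenied < StandardError; end

# May `user` run `action` on a controller in `namespace` (nil = public)?
# Unknown roles and anonymous users are denied: fail closed, never default
# to the least privileged role by accident.
def permitted?(user, namespace, action)
  perms = ROLE_PERMISSIONS[user && user.role]
  return false if perms.nil?
  return true  if perms == :all
  return false if namespace == ADMIN_NAMESPACE # non-admins never enter /admin
  perms.include?(action)
end

# Imitates a before_filter: raise so the action body never runs on denial.
def authorize!(user, namespace, action)
  unless permitted?(user, namespace, action)
    who = user ? user.role : 'anonymous'
    raise AccessDenied, "#{who} may not #{action} in #{namespace || 'public'}"
  end
  true
end

# Constructed sample data standing in for the orders table.
ORDERS = [Order.new(1, 'alice'), Order.new(2, 'bob'), Order.new(3, 'alice')].freeze

# Stand-in for the public OrdersController#index: every permitted role sees
# only its own orders, so the action needs no is_admin? branch at all.
def public_orders_index(user)
  authorize!(user, nil, :index)
  ORDERS.select { |o| o.owner == user.login }
end

# Stand-in for Admin::OrdersController#index: the namespace rule rejects
# anyone but an admin before a single record is read.
def admin_orders_index(user)
  authorize!(user, ADMIN_NAMESPACE, :index)
  ORDERS
end
```

The point of keeping the admin namespace check outside the permission table is that a mistaken row in `ROLE_PERMISSIONS` (say, giving contributors `:destroy`) can never leak the admin area; the two mechanisms fail independently. A new role such as `:moderator` is a one-line addition to the table and touches no view.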