Message from discussion
A gem that handles authentication AND authorization for me
Date: Fri, 14 Oct 2011 20:34:17 +0200
From: Sean Six <li...@ruby-forum.com>
To: rubyonrails-talk@googlegroups.com
Subject: Re: [Wanted] A gem that handles authentication AND authorization for me

I personally use Devise for authentication. With some simple code you
can roll your own authorization system.

You can use this in your user table:

    t.boolean :admin, :default => false

In your application controller:

    helper_method :require_admin

    # True only when a user is signed in and flagged as admin.
    def admin_user
      current_user && current_user.admin == true
    end

    # Before filter: anyone who is not an admin is turned away.
    def require_admin
      unless current_user && current_user.admin
        access_denied
      end
    end

    def access_denied
      redirect_to root_url
      flash[:notice] = "Cannot access that page!"
    end

Then use require_admin as a before filter in your controllers.

--
Posted via http://www.ruby-forum.com/.
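
The before filter described in the post, modelled in plain Ruby so it runs without Rails (an added example, not code from the original post). MiniController, AdminController, ReportsController and the User struct are hypothetical stand-ins; putting the filter on a shared admin base class is one way to make sure no admin controller is left ungated.

```ruby
# Plain-Ruby stand-in for ActionController: models only the filter chain.
User = Struct.new(:name, :admin) # constructed sample user record

class MiniController # hypothetical, not a Rails class
  attr_reader :current_user, :flash, :redirected_to, :body

  # Each class starts from a copy of its parent's filters, so they inherit.
  def self.filters
    @filters ||= (superclass.respond_to?(:filters) ? superclass.filters.dup : [])
  end
  def self.before_filter(name); filters << name; end

  def initialize(current_user)
    @current_user = current_user
    @flash = {}
  end
  def redirect_to(url); @redirected_to = url; end

  # A redirect issued inside a filter stops the action from running.
  def process(action)
    self.class.filters.each do |filter|
      send(filter)
      return self if redirected_to
    end
    @body = send(action)
    self
  end
end

class ApplicationController < MiniController
  def root_url; "/"; end
  def require_admin
    access_denied unless current_user && current_user.admin
  end

  def access_denied
    redirect_to root_url
    flash[:notice] = "Cannot access that page!"
  end
end

# Deny by default: anything inheriting from AdminController is gated.
class AdminController < ApplicationController
  before_filter :require_admin
end

class ReportsController < AdminController
  def index; "secret report"; end
end
```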