static permissions trough roles

2 views
Skip to first unread message

Ladina Rothaus

unread,
Dec 2, 2007, 12:41:52 PM12/2/07
to active-rbac
hi!

is there a reason act_as_user 's has_static_permission? does not look
in the users roles for a permission?

isnt the concept that roles are sort of groups of permissions? or did
i miss something?

thanks

steegi

unread,
Dec 3, 2007, 11:32:50 AM12/3/07
to active-rbac
Hi Ladina,

I used ActiveRBAC on a personal project about 6 months ago and I
vaguely remember wondering about the same thing. If I recall correctly
it was a non issue. If the current_user is set correctly, just
checking StaticPermissions in your controller will include users
permissions assigned through roles.

Check http://active-rbac.rubyforge.org/docs/.

Cheers,
Frank.

Manuel Holtgrewe

unread,
Dec 3, 2007, 11:46:55 AM12/3/07
to activ...@googlegroups.com
Hi, Ladina.

Have a look at [1]: has_static_permission? accesses
"static_permissions" which is a method which itself collects all
permissions of all roles. True, this could directly be done in the
database but as long as nobody complains about active-rbac being slow,
I will keep the simpler code :)

*m

[1] http://active-rbac.rubyforge.org/svn/active-rbac/trunk/plugin/lib/active_rbac/acts_as_user.rb

Ladina Rothaus

unread,
Dec 3, 2007, 2:52:53 PM12/3/07
to active-rbac
thanks for your replies. it seems that i messed something up yesterday
in my console. of course it works :)

> [1]http://active-rbac.rubyforge.org/svn/active-rbac/trunk/plugin/lib/act...

but i still cant apply permissions to users (since there is no
relation)
so seems like i have to implement something like the contextual
permissions mentioned in
http://groups.google.com/group/active-rbac/browse_thread/thread/d8d435705c305627
to have more fine grained control without ending up creating lots of
groups.

has anyone spottet a open source rails app which uses a permission
system like this?
i took a short look at hobo ( http://hobocentral.net/ ) but they seem
to follow a slightly different approach and i
would not fit into my already existing app.

thanks
l

Manuel Holtgrewe

unread,
Dec 3, 2007, 3:06:16 PM12/3/07
to activ...@googlegroups.com

Am 03.12.2007 um 20:52 schrieb Ladina Rothaus:

> to have more fine grained control without ending up creating lots of
> groups.

Yes, this is the case. The idea of a Role Based Access System is that
permissions are granted based on roles. This removes complexity but of
course also some power.

However, you could always do something like this:

1 Role roles.user
2 StaticPermission permissions.user_can_edit_own_articles
3 assign 2 to 1

Then, in your code do something like:

if "user owns article" and user.has_permission?
("permissions.user_can_edit_own_articles") then ...

Bests,

Manuel

Ladina Rothaus

unread,
Dec 3, 2007, 3:38:43 PM12/3/07
to active-rbac
thank you manuel!

another short question which i found no answer to: is there any
practical
reason in prefixing the identifiers with "roles." and "permissions."?

Manuel Holtgrewe

unread,
Dec 3, 2007, 3:43:47 PM12/3/07
to activ...@googlegroups.com

Am 03.12.2007 um 21:38 schrieb Ladina Rothaus:

>
> thank you manuel!
>
> another short question which i found no answer to: is there any
> practical
> reason in prefixing the identifiers with "roles." and "permissions."?

Not really, it is just my private convention.

Reply all
Reply to author
Forward
0 new messages