default permissions


Donald Ball

May 11, 2009, 4:08:09 PM
to Rails Authorization Plugin
I'm looking to integrate this into an app in which there are
several roles, one of which is the ubiquitous admin role. The admin
role should be allowed to do anything any other role is allowed to do.
Rather than append "or admin" to every use of permit and permit? in my
app, is there perhaps some facility for centralizing that decision
that I may have missed? This wouldn't seem to be an uncommon
requirement.

Another question on object roles occurs... I need objects to grant
roles to users but do not want to use the schema suggested by the
plugin; my objects grant roles to single users with foreign keys (e.g.
shipper_id). I of course need to manually implement has_role? on the
objects in question; my question is if I should set
AUTHORIZATION_MIXIN to hardwired or object roles?

Thanks.

- donald

Donald Ball

May 11, 2009, 5:24:09 PM
to Rails Authorization Plugin
On Mon, May 11, 2009 at 3:08 PM, Donald Ball <donal...@gmail.com> wrote:
> I'm looking to integrate this into an app in which there are
> several roles, one of which is the ubiquitous admin role. The admin
> role should be allowed to do anything any other role is allowed to do.
> Rather than append "or admin" to every use of permit and permit? in my
> app, is there perhaps some facility for centralizing that decision
> that I may have missed? This wouldn't seem to be an uncommon
> requirement.

For what it's worth, overriding has_permission? in my application
controller to tack this onto the authorization expressions does the
trick nicely.

- donald

Ian Terrell

May 13, 2009, 12:47:55 PM
to donald.ball, Rails Authorization Plugin
In my experience, I've worked with two classes of projects:
1) Projects where "roles" are already expressed in the schema.
2) Projects which had ACL with permissions and roles authorization requirements.

In neither case does the ObjectRoles implementation do well, in my opinion. I don't personally think it should be recommended as the default like the current doc says.

To answer your specific question, I would (and have always in these cases) set it to Hardwired.

On most of my projects I also use the following implementation which you might find handy: http://gist.github.com/111115

Maybe I'll wrap that up as a third implementation option; it's always made more sense to me for Rails applications.

Ian
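
An added example, not code from this thread, the linked gist, or the plugin: a plain-Ruby stand-in for the two points discussed above, object roles answered from foreign-key columns (the `shipper_id` case) and a single `has_permission?` override that lets admin pass every check. `User`, `Shipment`, `BaseController`, `accepts_role?`, `SHIPMENT_ROLE_COLUMNS` and the `or`-only expression evaluator are assumptions made for illustration; here the admin check runs before the expression is evaluated rather than being appended to the expression string.

```ruby
# Illustrative stand-in classes; none of this is the plugin's own code.
User = Struct.new(:id, :global_roles) do
  # Global roles come from the user record; object roles are asked of the object.
  def has_role?(role, object = nil)
    return global_roles.include?(role) if object.nil?
    object.accepts_role?(role, self)
  end
end

# Each object role maps to a foreign-key column holding exactly one user id.
SHIPMENT_ROLE_COLUMNS = { "shipper" => :shipper_id, "receiver" => :receiver_id }.freeze

Shipment = Struct.new(:shipper_id, :receiver_id) do
  def accepts_role?(role, user)
    column = SHIPMENT_ROLE_COLUMNS[role]
    !column.nil? && !user.nil? && self[column] == user.id
  end
end

# Stand-in for the controller behaviour the plugin would provide.
class BaseController
  def initialize(user, objects = {})
    @current_user = user
    @objects = objects
  end

  # Toy evaluator: terms joined by " or "; a term is "role" or "role of :name".
  def has_permission?(expression)
    return false if @current_user.nil?
    expression.split(/\s+or\s+/).any? do |term|
      role, name = term.strip.match(/\A(\w+)(?:\s+of\s+:(\w+))?\z/)&.captures
      next false if role.nil?                       # unparseable term denies
      next @current_user.has_role?(role) if name.nil?
      object = @objects[name.to_sym]
      !object.nil? && @current_user.has_role?(role, object)
    end
  end
end

class ApplicationController < BaseController
  # The one place where admin overrides every authorization expression.
  def has_permission?(expression)
    return false if @current_user.nil?
    @current_user.has_role?("admin") || super
  end
end
```

Because the override denies when there is no current user and only then consults the admin role, an unauthenticated request can never reach the bypass.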
