Comments on: Declarative Authorization http://steffenbartsch.com/blog/2008/09/delclarative-authorization/ Security, Usability, Rails Wed, 26 May 2010 13:12:05 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Rails Camp Germany 3 – Saturday sum up « IO 9elements http://steffenbartsch.com/blog/2008/09/delclarative-authorization/comment-page-1/#comment-3527 Rails Camp Germany 3 – Saturday sum up « IO 9elements Sun, 29 Nov 2009 21:54:48 +0000 http://steffenbartsch.com/blog/?p=26#comment-3527 [...] clearance and authlogic. Seemingly there are a lot authentication gems and engines out there e.g. Declarative Authentication or ACL9 just to name a few. But there is tons of other good stuff goin’ on: Pacecar is an [...] [...] clearance and authlogic. Seemingly there are a lot authentication gems and engines out there e.g. Declarative Authentication or ACL9 just to name a few. But there is tons of other good stuff goin’ on: Pacecar is an [...]

]]> By: Using Declarative Association with HABTM Relationships- I’m a Richardson, RU? http://steffenbartsch.com/blog/2008/09/delclarative-authorization/comment-page-1/#comment-2361 Using Declarative Association with HABTM Relationships- I’m a Richardson, RU? Mon, 03 Aug 2009 17:10:02 +0000 http://steffenbartsch.com/blog/?p=26#comment-2361 [...] control list solution for my Ruby needs I came across Steffen Bartsch’s “Declarative Authorization” plugin (Github source [...] [...] control list solution for my Ruby needs I came across Steffen Bartsch’s “Declarative Authorization” plugin (Github source [...]

]]> By: steffenbartsch — Using Your Authorization Framework Correctly? http://steffenbartsch.com/blog/2008/09/delclarative-authorization/comment-page-1/#comment-929 steffenbartsch — Using Your Authorization Framework Correctly? Sun, 08 Mar 2009 13:05:07 +0000 http://steffenbartsch.com/blog/?p=26#comment-929 [...] Rails apps, our Rails authorization plugin declarative_authorization comes with  support of this kind. In the screenshot, controller authorization analysis is shown. [...] [...] Rails apps, our Rails authorization plugin declarative_authorization comes with  support of this kind. In the screenshot, controller authorization analysis is shown. [...]

]]> By: steffenbartsch — Graphically Browse Your Authorization Rules http://steffenbartsch.com/blog/2008/09/delclarative-authorization/comment-page-1/#comment-821 steffenbartsch — Graphically Browse Your Authorization Rules Tue, 17 Feb 2009 21:34:19 +0000 http://steffenbartsch.com/blog/?p=26#comment-821 [...] have the authorization rules in your Rails app defined in a clear DSL, such as the one offered by declarative_authorization. Still, with anything more than a few roles and models (let’s not even think about 200 [...] [...] have the authorization rules in your Rails app defined in a clear DSL, such as the one offered by declarative_authorization. Still, with anything more than a few roles and models (let’s not even think about 200 [...]

]]> By: Steffen Bartsch http://steffenbartsch.com/blog/2008/09/delclarative-authorization/comment-page-1/#comment-544 Steffen Bartsch Mon, 19 Jan 2009 10:03:11 +0000 http://steffenbartsch.com/blog/?p=26#comment-544 Hi Matt, currently, namespaces are not explicitly supported by decl_auth. Until a proper automatic way is established, you could just specify a custom context for filter_access_to, e.g. filter_access_to :all, :context => :admin_users and define permissions for that context. For a wider audience, please use the Google Group to further discuss these kind of issues. http://groups.google.com/group/declarative_authorization Steffen Hi Matt,

currently, namespaces are not explicitly supported by decl_auth. Until a proper automatic way is established, you could just specify a custom context for filter_access_to, e.g.

filter_access_to :all, :context => :admin_users

and define permissions for that context.

For a wider audience, please use the Google Group to further discuss these kind of issues.

http://groups.google.com/group/declarative_authorization

Steffen

]]> By: Matt http://steffenbartsch.com/blog/2008/09/delclarative-authorization/comment-page-1/#comment-543 Matt Sun, 18 Jan 2009 13:33:13 +0000 http://steffenbartsch.com/blog/?p=26#comment-543 Hey Steffen, What a great plugin! Thanks a million for this, it will make all the difference to future projects and to my coding style in general. I was wondering if it were possible to specify namespaces in authorization_rules.rb? I have an Admin::UsersController < UsersController, but i don't know how to specify permissions on it. Thanks again, Matt. Hey Steffen,

What a great plugin! Thanks a million for this, it will make all the difference to future projects and to my coding style in general.

I was wondering if it were possible to specify namespaces in authorization_rules.rb? I have an Admin::UsersController < UsersController, but i don’t know how to specify permissions on it.

Thanks again,

Matt.

]]> By: Steffen Bartsch http://steffenbartsch.com/blog/2008/09/delclarative-authorization/comment-page-1/#comment-537 Steffen Bartsch Fri, 09 Jan 2009 08:19:45 +0000 http://steffenbartsch.com/blog/?p=26#comment-537 I haven't worked with active scaffold, yet. If your request is denied, the log should tell you the action that was called. Please start a threat at the Google Group http://groups.google.com/group/declarative_authorization Steffen I haven’t worked with active scaffold, yet. If your request is denied, the log should tell you the action that was called.

Please start a threat at the Google Group
http://groups.google.com/group/declarative_authorization

Steffen

]]> By: steven http://steffenbartsch.com/blog/2008/09/delclarative-authorization/comment-page-1/#comment-533 steven Thu, 08 Jan 2009 21:59:18 +0000 http://steffenbartsch.com/blog/?p=26#comment-533 Using authorization with active scaffold. How can you tell what actions are needed in the authorization_rules.rb tried adding :nested, :show_search, :row, :update_column, :destroy_existing, :edit_associated, :update_table to manage. But I'm still missing something!! :> Using authorization with active scaffold. How can you tell what actions are needed in the authorization_rules.rb tried adding

:nested, :show_search, :row, :update_column, :destroy_existing, :edit_associated, :update_table

to manage. But I’m still missing something!! :>

]]> By: Steffen Bartsch http://steffenbartsch.com/blog/2008/09/delclarative-authorization/comment-page-1/#comment-498 Steffen Bartsch Sun, 21 Dec 2008 12:10:45 +0000 http://steffenbartsch.com/blog/?p=26#comment-498 has_role? accepts multiple role symbols, but only as multiple arguments, e.g. has_role?(:guest, :admin). To make your case work, use has_role?(*submenu.roles) to expand the array to multiple arguments. has_role? is not meant to provide authorization, though. permitted_to? with appropriate permissions is by far more flexible. Just for consideration. Steffen has_role? accepts multiple role symbols, but only as multiple arguments, e.g. has_role?(:guest, :admin). To make your case work, use has_role?(*submenu.roles) to expand the array to multiple arguments.

has_role? is not meant to provide authorization, though. permitted_to? with appropriate permissions is by far more flexible. Just for consideration.

Steffen

]]> By: steven p http://steffenbartsch.com/blog/2008/09/delclarative-authorization/comment-page-1/#comment-496 steven p Sat, 20 Dec 2008 23:51:07 +0000 http://steffenbartsch.com/blog/?p=26#comment-496 great plugin.. been trying to get has_role? working in a helper that builds my menu.. submenu.roles returns [guest,admin] current_user.roles returns the same. but a call to has_role?(submenu.roles) ..... always returns zero.. and ideas? I can email my code if needed.. tia.. :> great plugin.. been trying to get has_role? working in a helper that builds my menu.. submenu.roles returns [guest,admin] current_user.roles returns the same. but a call to has_role?(submenu.roles) ….. always returns zero.. and ideas? I can email my code if needed.. tia.. :>

]]>