Role-based Access Control for Ruby on Rails

Posted by Daniel Butler Sat, 22 Apr 2006 13:50:00 GMT

Manuel Holtgrewe with turingstudio.com has released ActiveRBAC 0.3.1, which now works with Rails 1.1. He writes, “ActiveRBAC is a Ruby on Rails library that provides a full stack RBAC (Role Based Authorization) system with user, group, role and permission management. It provides [views,] models and controllers to edit those models.”

Install ActiveRBAC using the following commands:

  ruby script/plugin discover
  ruby script/plugin install engines
  ruby script/plugin install active_rbac

Here’s some exapmle code for protecting a specific action within a controller.

before filter :protect controller, :only => :delete

def protect controller
  if !session[:rbac user].nil? and
      session[:rbac user].has role("Admin", "Editor")
    return true
  else
    redirect to ’/’
    flash[:error] = "You are not allowed to access this page"
    return false
  end
end

ActiveRBAC Manual - PDF
ActiveRBAC API Documentation
ActiveRBAC Trac

Posted in Ruby on Rails | 1 comment

↓ Sponsored Links ↓

↑ Sponsored Links ↑

Comments

Leave a response

nuke edit
Carl said 18 days later:

Hello there,

Is it any good compared to the other authentication mechanism? I am currently looking for an application control system. I checked SaltedLoginGenerator and auth_generator http://penso.info/rails/auth_generator/ Have you had the chance to compare with other user management systems?

Your comments are much appreciated.