I just started developing with Ruby on Rails and I am looking for a dynamic authorization plugin, that enables the administrator to associate permissions to roles and roles to users.
I found some posts here at Stack Overflow and in some forums, and also some podcasts at railscasts.org targeting this subject, but they all refer to acl9, declarative_authorization, Aegis, restful acl or even Authlogic, which isn't an authorization but an authentication plugin. The other ones do not offer the needed functionality.
So could someone tell me if it is possible to set up a web interface using Ruby on Rails to administrate the user roles?
So for now I migrated my database using the following migration.
class AddRolesAndRightsTables < ActiveRecord::Migration
  def self.up
    # join table: which roles a user holds
    create_table :roles_users do |t|
      t.integer :role_id
      t.integer :user_id
    end

    create_table :roles do |t|
      t.string :name
    end

    # join table: which rights a role grants
    create_table :rights_roles do |t|
      t.integer :right_id
      t.integer :role_id
    end

    # a right is a single controller/action pair
    create_table :rights do |t|
      t.string :name
      t.string :controller
      t.string :action
    end
  end

  def self.down
    drop_table :roles_users
    drop_table :roles
    drop_table :rights_roles
    drop_table :rights
  end
end
And in addition to some views and controller actions I added the following action to the ApplicationController.
  # Used as a before_filter: allows the request only if one of the current
  # user's roles carries a right for this controller/action pair.
  def check_authorization
    user = User.find(session[:user])
    authorized = user.roles.any? do |role|
      # any? yields a real boolean; select returns an Array, which is
      # truthy even when empty, so with select every role would match.
      role.rights.any? do |right|
        right.action == action_name && right.controller == self.class.controller_path
      end
    end

    unless authorized
      flash[:notice] = "You are not authorized to view the page you requested."
      redirect_back_or user
      return false
    end
  end
Running Right.synchronize_with_controllers (see the blog post from Wolfman-Blog), I get the following error.
syntax error, unexpected $end, expecting kEND (line 17 in application_controller)
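The same check reduced to plain Ruby, as an added example that is not part of the question's code: Struct objects stand in for the ActiveRecord models, the sample roles and rights are constructed, and the posted form of the check is shown next to a corrected one so the difference in outcome is visible.

```ruby
# Added example (not code from the question): a plain-Ruby model of the
# roles/rights schema above. Struct stands in for the ActiveRecord models,
# so this runs without Rails.
Right = Struct.new(:name, :controller, :action)
Role  = Struct.new(:name, :rights)
User  = Struct.new(:login, :roles)

# Constructed sample data: the "editor" role may only list and show posts.
POSTS_READ = [Right.new("posts index", "posts", "index"),
              Right.new("posts show",  "posts", "show")]
EDITOR = Role.new("editor", POSTS_READ)
ALICE  = User.new("alice", [EDITOR])

# The posted check, condensed. Array#select always returns an Array, and an
# empty Array is truthy in Ruby, so detect returns the first role that has
# *any* rights, whatever controller/action is being requested: the check
# fails open for every user who holds at least one role.
def authorized_buggy?(user, controller, action)
  !!user.roles.detect { |role|
    role.rights.select { |r| r.action == action && r.controller == controller }
  }
end

# Corrected check: any? returns true or false, so a role only matches when
# one of its rights names the requested controller *and* action.
def authorized?(user, controller, action)
  user.roles.any? { |role|
    role.rights.any? { |r| r.action == action && r.controller == controller }
  }
end
```

With the constructed data, authorized_buggy? lets alice reach posts/destroy although her only role grants index and show; authorized? denies it, and denies everything to a user with no roles.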
I will suggest Ryan Bates's cancan. It took me a while to understand how it works, but it's really worth the effort to learn. In my full program, I am able to use a simple load_and_authorize_resource for all my controllers and add extra bits here and there to finish it up. Hopefully, there is no confusion between authentication and authorization as well. If you want to quickly scaffold an admin interface, I suggest Active Admin. Otherwise, it's probably more flexible to use cancan and namespace an admin controller =)

Update
To get a simple roles-based permission interface based on cancan, where you probably create roles and assign permissions to them: each Permission record defines a Model and the RESTful action you can do to it. If you only need to define a Role but its permissions are static, I suggest you just write them into Ability.rb in cancan and do away with the Permission model. Sorry I can't give you exact code because I haven't had a need to implement a permissions-based model.
Cancan Railscast
http://railscasts.com/episodes/192-authorization-with-cancan
Another great Cancan tutorial
http://www.tonyamoyal.com/2010/07/28/rails-authentication-with-devise-and-cancan-customizing-devise-controllers/
Abilities in DB: Cancan
https://github.com/ryanb/cancan/wiki/Abilities-in-Database
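One way to realise the Permission-record idea from the answer, as an added example that is neither the answerer's code nor the cancan gem: a minimal stand-in for a cancan Ability whose rules are built from Permission rows naming a model and a RESTful action. The Post and Comment classes, the Account struct, the alias table and the permission rows are all assumptions constructed for the example; it resolves class names through an allowlist rather than String#constantize so a tampered row cannot name an arbitrary class.

```ruby
# Added example, not code from the answer or from the cancan gem: a minimal
# Ability with the same can/can? shape, fed from Permission records as the
# "Abilities in Database" wiki page describes.
Permission = Struct.new(:subject_class, :action)   # one DB row (assumed shape)
Account    = Struct.new(:permissions)              # the user with its rows

# Models the permissions may refer to (assumed for the example).
class Post;    end
class Comment; end

# Allowlist of class names a permission row may refer to. Looking names up
# here instead of calling String#constantize means an unexpected value in
# the permissions table is ignored rather than resolved to some other class.
SUBJECTS = { "Post" => Post, "Comment" => Comment }.freeze

# RESTful aliases in the spirit of cancan's defaults: :read covers index and
# show, :update covers edit, :create covers new; :manage covers everything.
ALIASES = { read: %i[index show], update: %i[edit], create: %i[new] }.freeze

class Ability
  def initialize(account)
    @rules = []
    account.permissions.each do |perm|
      klass = SUBJECTS[perm.subject_class]
      next unless klass        # unknown class name: no rule, so denied by default
      can(perm.action.to_sym, klass)
    end
  end

  def can(action, klass)
    @rules << [action, klass]
  end

  # subject may be a class (Post) or an instance (Post.new), as in cancan.
  # No matching rule means false: default deny.
  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    @rules.any? do |rule_action, rule_class|
      rule_class == klass &&
        (rule_action == :manage ||
         rule_action == action ||
         ALIASES.fetch(rule_action, []).include?(action))
    end
  end
end
```

An editor whose rows grant read and update on Post can index, show and edit posts but not destroy them, and has no access to Comment; a row naming a class outside SUBJECTS contributes no rule at all.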