I’m looking for a Rails 3 compatible plugin/gem/engine that takes a more auth-begets-auth approach. Most of the rails “authentication/authorization” plugins I’ve encountered are set up with a view to users signing up automatically. In the past I’ve simply used the core of these plugins (for auth purposes) and tacked my own functionality on in order to get the results I want.
It would be nice, though, if there were an existing “full service” plugin/gem/engine that approached the whole Authentication from the standpoint of there being a single (with future) super user and only they can create users? Sort of a management system approach instead of a “hey we trust anyone to join us” approach…?
In a perfect world I’d also like to dynamically adjust permissions for each role, but I’d be happy with just a more “paranoid” authorization/authentication model. If not, I’ll continue Frankensteining.
Best
You can set up the sign-up page with a
before_filterfor authentication with proper authorization so that random people can not create new users.I recommend CanCan which is a joy to manage Role abilities and denying all but admins to create new users. CanCan can also automatically authorize Controller actions and will not allow even to acquire the signup form if not authorized.