What's the best way to implement ACLs to a Rails application?

ruby-on-rails ruby acl
Rui Vieira picture Rui Vieira · Sep 23, 2008 · Viewed 10.4k times · Source

I just wanted to compare different solutions used when implementing ACLs in Rails.

Answer

marzagao picture marzagao · Sep 23, 2008

I use the authorization plugin (Created by Bill Katz):

Roles can be authorized for the entire application, a model class, or a specific object. The plugin provides a way of checking authorization at the class or instance method level using permit and permit? methods. It also provides english-like dynamic methods like "user.is_manager_of project" (where "user" acts as authorized, "manager" is a role, and "project" is an authorizable model). You can specify how control is redirected if authorization is denied. (quote source)

Homepage: http://www.writertopia.com/developers/authorization

Docs: http://github.com/DocSavage/rails-authorization-plugin/tree/master/authorization/README.rdoc

You might also be interested in reading this comparison (from last year but still somewhat useful; it's where I got the above quote from): http://www.vaporbase.com/postings/Authorization_in_Rails

And a more recent comparison: http://steffenbartsch.com/blog/2008/08/rails-authorization-plugins/

Related questions

How to get a random number in Ruby

How do I generate a random number between 0 and n?

Read More
How do I get the current absolute URL in Ruby on Rails?

How can I get the current absolute URL in my Ruby on Rails view? The request.request_uri only returns the relative URL.

Read More
How to remove a key from Hash and get the remaining hash in Ruby/Rails?

To add a new pair to Hash I do: {:a => 1, :b => 2}.merge!({:c => 3}) #=> {:a => 1, :b => 2, :c => 3} Is there a similar way to delete a key from Hash ? This works: {:a => 1, :b => 2}.…

Read More