Controller filter parameters


by Rodrigo Rosenfeld Rosas-3


Today I was writing an authentication filter for my controllers that
needed some parameters. This is what I did:

def self.verify_permission(permission, options={})
   before_filter {|controller| controller.verify_permission(permission,
options)}
end
def verify_permission(permission, options)
   # actual authentication code goes here
end

And check the permissions with, say:

verify_permission :manage_simulation, :simulation => 1 # just fictitious

Is it possible to do it with Rails directly with some syntax like the below?

before_filter :verify_permission, :parameters => [:manage_simulation,
{:simulation => 1}], :except => [:login]

If not, it is not complicated to implement, so are there any reasons why
this would be a bad idea?

Thanks in advance,

Rodrigo.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@...
To unsubscribe from this group, send email to rubyonrails-core+unsubscribe@...
For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en
-~----------~----~----~----~------~----~------~--~---


Re: Controller filter parameters

by Eloy Duran


I assume you're looking for a good way to implement authorization  
rules, in which case you might want to take a look at the following  
plugin: http://github.com/Fingertips/authorization-san
And check out this rails template for more examples on how to use it: http://github.com/Fingertips/rails-template

HTH,
Eloy

On Nov 2, 2009, at 2:19 PM, Rodrigo Rosenfeld Rosas wrote:

>
> Today I was writing an authentication filter to my controllers that
> needed some parameters. That is what I did:
>
> def self.verify_permission(permission, options={})
>   before_filter {|controller| controller.verify_permission(permission,
> options)}
> end
> def verify_permission(permission, options)
>   # actual authentication code goes here
> end
>
> And check the permissions with, say:
>
> verify_permission :manage_simulation, :simulation => 1 #just  
> ficticious
>
> Is it possible to do it with Rails directly with some syntax like  
> the below?
>
> before_filter :verify_permission, :parameters => [:manage_simulation,
> {:simulation => 1}], :except => [:login]
>
> If not, it is not complicated to implement, so is there any reasons  
> why
> this would be a bad idea?
>
> Thanks in advance,
>
> Rodrigo.
>
>
> >




Re: Controller filter parameters

by Rodrigo Rosenfeld Rosas-3


Hi Eloy, thank you for your suggestion, but I don't think it would
satisfy my needs...

In my case, a user has a role that can be attached to some conditions.
For instance, the user 'manager' has a role 'institution_admin' only for
institution 'manager_institution'...

But anyway, that was just an example. I was really curious about filters
supporting parameters directly.

Best regards,

Rodrigo.

On 02-11-2009 14:06, Eloy Duran wrote:

> I assume you're looking for a good way to implement authorization
> rules, in which case you might want to take a look at the following
> plugin: http://github.com/Fingertips/authorization-san
> And checkout this rails template for more examples on how to use it: http://github.com/Fingertips/rails-template
>
> HTH,
> Eloy
>
> On Nov 2, 2009, at 2:19 PM, Rodrigo Rosenfeld Rosas wrote:
>
>    
>> Today I was writing an authentication filter to my controllers that
>> needed some parameters. That is what I did:
>>
>> def self.verify_permission(permission, options={})
>>    before_filter {|controller| controller.verify_permission(permission,
>> options)}
>> end
>> def verify_permission(permission, options)
>>    # actual authentication code goes here
>> end
>>
>> And check the permissions with, say:
>>
>> verify_permission :manage_simulation, :simulation =>  1 #just
>> ficticious
>>
>> Is it possible to do it with Rails directly with some syntax like
>> the below?
>>
>> before_filter :verify_permission, :parameters =>  [:manage_simulation,
>> {:simulation =>  1}], :except =>  [:login]
>>
>> If not, it is not complicated to implement, so is there any reasons
>> why
>> this would be a bad idea?
>>
>> Thanks in advance,
>>
>> Rodrigo.
>>      




Re: Controller filter parameters

by Eloy Duran


Hey Rodrigo,

> Hi Eloy, thank you for your suggestion, but I don't think it would
> satisfy my needs...
>
> In my case, a user has a role that can be attached to some conditions.
> For instance, the user 'manager' has a role 'institution_admin' only  
> for
> institution 'manager_institution'...

I don't completely follow the explanation of the example, but that  
would probably be easy with authorization-san. It already supports the  
idea of 'role' on an object.
In all the projects we have used it, we haven't found one scenario  
that we couldn't solve.

class InstitutionsController < ActionController::Base
   allow_access :institution_admin do
     # perform any checks and return truthy or falsy value
   end
end

> But anyway, that was just an example. I was really curious about  
> filters
> supporting parameters directly.

I'm not sure there is any reason to, since like I said we have been  
able to solve all situations we've come across.

Besides that, I'm not sure that I find the examples you gave of how it  
would look like to be readable/understandable. Maybe it's the example,  
maybe it's me…

Cheers,
Eloy


[off-topic] Re: Re: Controller filter parameters

by Rodrigo Rosenfeld Rosas-3


On 02-11-2009 15:05, Eloy Duran wrote:

> Hey Rodrigo,
>
>    
>> Hi Eloy, thank you for your suggestion, but I don't think it would
>> satisfy my needs...
>>
>> In my case, a user has a role that can be attached to some conditions.
>> For instance, the user 'manager' has a role 'institution_admin' only
>> for
>> institution 'manager_institution'...
>>      
>
> I don't completely follow the explanation of the example, but that
> would probably be easy with authorization-san. It already supports the
> idea of 'role' on an object.
> In all the projects we have used it, we haven't found one scenario
> that we couldn't solve.
>
> class InstitutionsController<  ActionController::Base
>     allow_access :institution_admin do
>       # perform any checks and return truthy or falsy value
>     end
> end
>    
I still can't figure out how would be the complete use case with
authorization-san.

Let me put the examples in more detail. In my project, users have roles,
which have permissions, as usual.

But some roles are attached to some condition. In a role
'institution_admin', a user should be attached to some specific existent
institution.

But if a user belongs to 'system_admin' role, for instance, it shouldn't
be attached to any conditions.

I have in User:

has_many :roles, :through => :assignments

And in Assignment, there is 'user_id', 'role_id' and an integer
'condition' that could be null. The roles are fixed and I check that
condition is filled in correctly depending on the role.

There is a hash that maps the expected condition class to each role.

If you think I could do the same with authorization-san, I would be glad
to see a more in-depth example.

Thank you,

Rodrigo.
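
The parameterized filter from the first post combined with the role/condition model described in the message above, as an added example in plain Ruby that is not part of the thread or of authorization-san. All class, constant and method names are hypothetical; the per-request block and the string comparison of ids are assumptions.

```ruby
# Added example (plain Ruby, no Rails); every name here is hypothetical.
Assignment = Struct.new(:role, :condition) # condition: scoped record id or nil

# Expected scope per role (nil = role must be unconditional), and its permissions.
ROLE_SCOPE = { institution_admin: :institution, system_admin: nil }.freeze
ROLE_PERMISSIONS = {
  institution_admin: [:manage_institution],
  system_admin: [:manage_institution, :manage_system]
}.freeze

class User
  def initialize(assignments)
    @assignments = assignments
  end

  # True only when some assignment grants the permission AND its condition
  # matches the requested resource; unknown roles grant nothing.
  def permitted?(permission, options = {})
    @assignments.any? do |a|
      next false unless ROLE_PERMISSIONS.fetch(a.role, []).include?(permission)
      scope = ROLE_SCOPE[a.role]
      next a.condition.nil? if scope.nil?
      !a.condition.nil? && options[scope].to_s == a.condition.to_s
    end
  end
end

class Controller
  attr_reader :current_user, :params

  def initialize(current_user, params)
    @current_user = current_user
    @params = params
  end

  def self.filters
    @filters ||= []
  end

  # Class macro as in the first post: the stored lambda closes over its
  # arguments; the optional block supplies per-request scope values.
  def self.verify_permission(permission, options = {}, &per_request)
    filters << lambda { |c|
      scope = per_request ? options.merge(per_request.call(c.params)) : options
      c.current_user.permitted?(permission, scope)
    }
  end

  # Any filter returning false denies the request.
  def authorized?
    self.class.filters.all? { |f| f.call(self) }
  end
end

class InstitutionsController < Controller
  verify_permission(:manage_institution) { |params| { institution: params[:id] } }
end
```

An 'institution_admin' assignment stored without a condition is treated as invalid and grants nothing, so a missing condition never widens access.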




Re: Controller filter parameters

by Manfred Stienstra


Hi Rodrigo,

Here is an example of what you probably want:

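  class User < ActiveRecord::Base
    has_many :roles

    # true if the user holds the institution_admin role
    def institution_admin?
      roles.any? { |r| r.label == 'institution_admin' }
    end

    # true if the user holds the system_admin role
    def system_admin?
      roles.any? { |r| r.label == 'system_admin' }
    end
  end

  class InstitutionController < ApplicationController
    allow_access(:system_admin)
    # institution admins only pass for their own institution
    allow_access(:institution_admin) do
      @authenticated.institution == @institution
    end

    # prepended so it sits at the front of the before-filter chain
    prepend_before_filter :find_institution

    private

    def find_institution
      @institution = Institution.find(params[:id])
    end
  end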

Can you restart this discussion on the Rails Talk list and CC Eloy and
me? This list is meant for discussing Rails core development.

Thanks,
 Manfred

On Nov 3, 11:16 am, Rodrigo Rosenfeld Rosas <rr.ro...@...>
wrote:

> On 02-11-2009 15:05, Eloy Duran wrote:
>
>
>
> > Hey Rodrigo,
>
> >> Hi Eloy, thank you for your suggestion, but I don't think it would
> >> satisfy my needs...
>
> >> In my case, a user has a role that can be attached to some conditions.
> >> For instance, the user 'manager' has a role 'institution_admin' only
> >> for
> >> institution 'manager_institution'...
>
> > I don't completely follow the explanation of the example, but that
> > would probably be easy with authorization-san. It already supports the
> > idea of 'role' on an object.
> > In all the projects we have used it, we haven't found one scenario
> > that we couldn't solve.
>
> > class InstitutionsController<  ActionController::Base
> >     allow_access :institution_admin do
> >       # perform any checks and return truthy or falsy value
> >     end
> > end
>
> I still can't figure out how would be the complete use case with
> authorization-san.
>
> Let me put the examples in more detail. In my project, users have roles,
> which have permissions, as usual.
>
> But some roles are attached to some condition. In a role
> 'institution_admin', a user should be attached to some specific existent
> institution.
>
> But if a user belongs to 'system_admin' role, for instance, it shouldn't
> be attached to any conditions.
>
> I have in User:
>
> has_many :roles, :through => :assignments
>
> And in Assignment, there is 'user_id', 'role_id' and an integer
> 'condition' that could be null. The roles are fixed and I check that
> condition is filled in correctly depending on the role.
>
> There is a hash that maps the expected condition class to each role.
>
> If you think I could do the same with authorization-san, I would be glad
> to see a more in-depth example.
>
> Thank you,
>
> Rodrigo.



re: Controller filter parameters

by Manfred Stienstra


Hi Rodrigo,

The boolean accessors on the User model could probably be refactored,  
but you get the idea.

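   class User < ActiveRecord::Base
     has_many :roles

     # true if the user holds the institution_admin role
     def institution_admin?
       roles.any? { |r| r.label == 'institution_admin' }
     end

     # true if the user holds the system_admin role
     def system_admin?
       roles.any? { |r| r.label == 'system_admin' }
     end
   end

   class InstitutionController < ApplicationController
     allow_access(:system_admin)
     # institution admins only pass for their own institution
     allow_access(:institution_admin) do
       @authenticated.institution == @institution
     end

     # prepended so it sits at the front of the before-filter chain
     prepend_before_filter :find_institution

     private

     def find_institution
       @institution = Institution.find(params[:id])
     end
   end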

Can we continue this discussion on Ruby on Rails: Talk? This list is  
meant for discussions about Ruby on Rails core development.

Manfred



Re: [off-topic] Re: Re: Controller filter parameters

by Eloy Duran


Hi Rodrigo,

The boolean accessors on the User model could probably be refactored,  
but you get the idea.

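class User < ActiveRecord::Base
   has_many :roles

   # true if the user holds the institution_admin role
   def institution_admin?
     roles.any? { |r| r.label == 'institution_admin' }
   end

   # true if the user holds the system_admin role
   def system_admin?
     roles.any? { |r| r.label == 'system_admin' }
   end
end

class InstitutionController < ApplicationController
   allow_access(:system_admin)
   # institution admins only pass for their own institution
   allow_access(:institution_admin) do
     @authenticated.institution == @institution
   end

   # prepended so it sits at the front of the before-filter chain
   prepend_before_filter :find_institution

   private

   def find_institution
     @institution = Institution.find(params[:id])
   end
end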

Can we continue this discussion on Ruby on Rails: Talk? This list is  
meant for discussions about Ruby on Rails core development.

Manfred

Sent from my colleagues' Mac pro.

On Nov 3, 2009, at 11:16 AM, Rodrigo Rosenfeld Rosas wrote:

>
> On 02-11-2009 15:05, Eloy Duran wrote:
>> Hey Rodrigo,
>>
>>
>>> Hi Eloy, thank you for your suggestion, but I don't think it would
>>> satisfy my needs...
>>>
>>> In my case, a user has a role that can be attached to some  
>>> conditions.
>>> For instance, the user 'manager' has a role 'institution_admin' only
>>> for
>>> institution 'manager_institution'...
>>>
>>
>> I don't completely follow the explanation of the example, but that
>> would probably be easy with authorization-san. It already supports  
>> the
>> idea of 'role' on an object.
>> In all the projects we have used it, we haven't found one scenario
>> that we couldn't solve.
>>
>> class InstitutionsController<  ActionController::Base
>>    allow_access :institution_admin do
>>      # perform any checks and return truthy or falsy value
>>    end
>> end
>>
> I still can't figure out how would be the complete use case with
> authorization-san.
>
> Let me put the examples in more detail. In my project, users have  
> roles,
> which have permissions, as usual.
>
> But some roles are attached to some condition. In a role
> 'institution_admin', a user should be attached to some specific  
> existent
> institution.
>
> But if a user belongs to 'system_admin' role, for instance, it  
> shouldn't
> be attached to any conditions.
>
> I have in User:
>
> has_many :roles, :through => :assignments
>
> And in Assignment, there is 'user_id', 'role_id' and an integer
> 'condition' that could be null. The roles are fixed and I check that
> condition is filled in correctly depending on the role.
>
> There is a hash that maps the expected condition class to each role.
>
> If you think I could do the same with authorization-san, I would be  
> glad
> to see a more in-depth example.
>
> Thank you,
>
> Rodrigo.
>
>
> >

