I'm developing a rails 3 application using inherited_resources and devise.
I tried to use cancan as my authorization plugin and it wasn't enough (i need more complex conditions for my authorization rules).
I also tried using declarative_authorization but my rules didn't work for the "index" method of my controllers.
Is there a RELIABLE rails plugin to handle authorization ?!
Thanks !
You can see a list of authorization gems in here. My advice to you is you should give cancan a second chance. It handles almost everything about authorization.
Related
I'm trying to create a webapp using Backbone.js 0.9.2 + Rails 3.2.0. I'm having trouble figuring how to link authentication & authorization (role management) with the app. I'd like to use as much off-the-shelf product as possible.
After some research, I think Devise is pretty nice for user management, but I don't see any tutorials on Devise + Backbone.js. Does anyone have suggestions?
Also, I keep hearing about CanCan. Do I need it if I'm going to use Devise? Are there other options?
Cheers,
Dean
Devise handles authentication and CanCan handles authorization. I'm not sure how backbone.js plays into things since I've never used it before.
Just in case you're wondering, authentication has to do with logging in and logging out. And authorization is seeing if a logged in user or guest has access to utilize particular resources of your application. That's the nutshell from what I've read about it. Of course, I could be mistaken as I'm no expert with these things.
There are other options, but Devise and CanCan has been well established in the Rails community:
https://www.ruby-toolbox.com/categories/rails_authorization
https://www.ruby-toolbox.com/categories/rails_authentication
Good luck!
I have a rails 2.3.8 application that has an admin folder that if anyone enters
/admin/anything
they need to be prompted for a login...I was looking for a good approach to do this
here the resources I was looking at authorization and authentication
The way I was thinking was to install authlogic or cancan or both or neither....not sure if anyone has a better solution. BTW I dont want authentication anywhere on the site
The best way to do this is to have all controllers under the admin/ namespace inherit from an AdminController with a before_filter that handles authorization
The simplest way to do this is to use http_basic authentication (railscast)
If you want multiple user/passwords, but without the complexity of devise/authlogic, try nifty_authentication (via ryan bates' nifty generators)
As ruby-toolbox indicates, CanCan and Devise are the most popular authorization / authentication solutions for rails. Check out the always excellent railscasts.com episodes to get started:
http://railscasts.com/episodes/192-authorization-with-cancan
http://railscasts.com/episodes/209-introducing-devise
Railscasts is a fantastic resource for quickly getting up to speed on rails topics.
I have integrated Devise and OmniAuth with my Mongoid ORM setup using the following examples:
https://github.com/plataformatec/devise/wiki/Example-Applications
My client code is mostly JavaScript (ExtJS) and relies on JSON for all of the communication. I use no Rails templates. I am looking to build a multi-provider authentication model, primarily using user/pass, Facebook, and Twitter. I am having difficulty putting together the full User authentication flow with respect to my application stack.
I am looking for an example that uses JSON responses to the standard authentication actions, instead of redirects, and provides an integration with OmniAuth that uses Mongoid. In addition to the above examples, I have gone through Ryan Bates' Railscasts on Devise and OmniAuth. Every example I have worked through so far have either been ActiveRecord, or Rails template oriented. Any pointers are appreciated!
This (https://github.com/fertapric/rails3-mongoid-devise-omniauth) is a good example app for getting set up with rails 3, devise, omniauth and mongoid, and a tutorial to go along with it here: https://github.com/fortuity/rails3-mongoid-devise/wiki/Tutorial-(Walkthrough)
Then you'll need to override the user sessions controller to provide the correct json responses for your app, there is a good example here: https://gist.github.com/733647 and here: http://groups.google.com/group/plataformatec-devise/browse_thread/thread/daa3332b3c4a1b4b
Hope this helps
I would suggest that you roll your own authentication mechanism using Rails 3.1 ActiveModel::SecurePassword instead of using Devise. You will get a cleaner solution that way than trying to tweak Devise to provide JSON responses.
If you can't use Rails 3.1, I would still suggest that you roll your own instead of overriding an internal Devise method (which the gist that Nesbitt links to does).
I am wondering how I can build the registration process like we have in Stack Overflow, where a user can login using one of several already existing accounts? I would prefer using Rails as a technology platform.
Are you looking for this?
http://testingauth.heroku.com/
I'm not sure this is exactly what you need, but the devise module, available on github, makes it very easy to build a authentication system in a rails application.
For authorization, another great module is called "cancan". You might need that too.
Check out OmniAuth. There are a few railscasts describing it.
You can use omniauth gem to implement openId auth. Also, it possible to extend your existing user auth systems. See great screencast about this at railscast: OmniAuth Part 1
I am working on an application that is currently using thoughtbot's clearance as its authentication piece. I want to add openID to this application and know that thoughtbot has an open_id_authentication plugin. Does anyone know how easy it is to go about doing this or if there is a tutorial or anything somewhere?
The "open_id_authentication" plugin is not originally Thoughtbot's, it's probably just their fork of the main one. That plugin provides some useful controller methods, but doesn't integrate with Clearance out-of-the-box. You'll have to study how both work and write additional code in your app that inherits from Clearance controllers and mixes in OpenID authentication logic.