What are some good role authorization solutions used with Authlogic? - ruby-on-rails

I am looking for a good role based authorization solution to use alongside Authlogic. Anyone have any good suggestions? Please list some pros and cons from your experience if possible please.

Acl9 works great with AuthLogic:
http://github.com/be9/acl9/tree/master

At RailsConf, I saw a lightning talk on Lockdown and was very impressed. Anyone with a modest amount of db and rails experience can roll their own ACL system, but Lockdown looks nice because it tries to keep the permission stuff out of the way.
http://lockdown.rubyforge.org/
I had used role_requirement previously but I didn't dig it.

I have recently been using a gem called easy_roles. Super lightweight and super easy to use. It's also flexible enough for you to implement your own controller security etc.
http://github.com/platform45/easy_roles

Check out http://blog.platform45.com/2009/10/05/howto-basic-roles-for-users for basic role requirement; it works with restful_authentication and authlogic.
It's really simple, fast and lightweight.

Related

Authentication in Rails, where to start?

I'm learning Rails by building apps.
I want to make my first authenticated app: users signup, login, do some changes in models they have access to and logout.
I did the Google search but it is quite confusing: many plugins, many tutorials. Don't know where to start.
Is there a state-of-the-art authentication method for Rails? What do you use in Production to authenticate your users?
Any help in this will be helpful. Thanks
I've used authlogic in the past and have been quite happy with it. Ryan has a railscast (video tutorial) for authlogic here.
+1 to Jason, -1 to NSD and sparky. Authentication system is not the thing you want to build yourself, at least if you're aiming for production use. It's like inventing your own encryption algorithm - it's a lot more safe to use something extensively tested and well-developed.
I've also been using authlogic, but there are some alternatives over there - like the good old restful authentication, and devise, which I guess is more modern so to speak. BTW the two latest railscasts are devoted to devise.
If your application is simple and you just want a simple and secure user login page you might want to look into the Restful Authentication plugin. It's very easy to use and if you don't have many authentication requirements this should do fine.
script/plugin install git://github.com/technoweenie/restful-authentication.git
script/generate authenticated user sessions
rake db:migrate
You can find out more by checking out this excellent railscast.
As a beginner I would recommend Restful Authentication as it's simple to set up and will get you up and running in no time.
Following is a step-by-step guide:
http://avnetlabs.com/rails/restful-authentication-with-rails-2
and authlogic - (http://github.com/binarylogic/authlogic) is another great plug in which is more flexible but requires some work to implement user registration and stuff
cheers,
sameera
One man's state-of-the-art authentication system is another man's worthless pile of garbage. You're almost always better off rolling your own in the long run. O'Reilly's Ruby Cookbook has some extremely basic examples that will set you off in the right general direction, then you can decide whether or not other people's solutions are right for you.
I would agree with NSD. Figuring out the plugins & how they should mesh with your application took me longer than creating an auth system in my latest application.
My tips - create a user_sessions controller and use normal CRUD methods to handle creating/destroying (ie logging in & out). Create another model for the user - it can handle create accounts & updating (ie changing passwords). Stick a :before_filter on each controller which needs protection.

Rails Authentication

Hey, I need some help with Rails, again! Last time it was about Authlogic.. Well, I've gone a bit backward since.. I mean, Authlogic isn't an authentication system I like.. So now I want you guys to tell me what you think is the best!
I'm going to use it for a project of mine, where there have to be a few roles like Admin, User and Guest.. So maybe you guys can tell me what is good and what is bad..?
You need to split authentication from authorization.
Authentication covers the login/logout process. Authorization is directly linked to permission to see/use resources.
Authlogic is a very good authentication gem.
For authorization you can check CanCan from Ryan Bates, which is very simple to integrate with authlogic (just a single file in the models folder called ability.rb in which you configure all the app authorizations).
EDIT: You can also go with a simpler solution but you will lose flexibility
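The split described in the answer above, as an added example that is not part of the original thread: plain Ruby with no Rails, Authlogic or CanCan, keeping every rule in one default-deny class for the Admin, User and Guest roles from the question. All names (User, Article, Ability, guard) are hypothetical, and this is not CanCan's API or behaviour.

```ruby
# Added illustration; User, Article, Ability and guard are hypothetical names.
User    = Struct.new(:id, :role)          # role is :admin or :user
Article = Struct.new(:id, :owner_id)

# Authorization: one place holding every rule. Anything not allowed is denied.
class Ability
  def initialize(user)
    @rules = []
    if user.nil?                           # guest: nobody is logged in
      allow(:read, Article)
    elsif user.role == :admin
      allow(:manage, Article)              # :manage covers every action
    else
      allow(:read, Article)
      allow(:create, Article)
      # Ordinary users may change only the records they own.
      allow(:update, Article)  { |a| a.owner_id == user.id }
      allow(:destroy, Article) { |a| a.owner_id == user.id }
    end
  end

  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    @rules.any? do |act, k, cond|
      next false unless k == klass && (act == :manage || act == action)
      # A class-level check cannot evaluate a per-record condition: deny.
      cond.nil? || (!subject.is_a?(Class) && cond.call(subject))
    end
  end

  private

  def allow(action, klass, &cond)
    @rules << [action, klass, cond]
  end
end

# What a controller before-filter would decide. Authentication answers
# "who is this?", authorization answers "may they do it?", and the two
# failures are reported differently (log in first vs. access refused).
def guard(current_user, action, subject)
  return :ok if Ability.new(current_user).can?(action, subject)
  current_user.nil? ? :login_required : :forbidden
end
```

In a real application `current_user` would come from the authentication layer (for example an Authlogic session), and `guard` would run before each protected controller action.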
I used Devise and it worked quite well, however it did not meet my needs...
What you might need however looks like something super simple, something like this: http://railscasts.com/episodes/21-super-simple-authentication
I use Authlogic for authentication and DocSavage's Rails Authorisation plug-in for authorisation needs. It's a simple yet powerful plug-in.
Rails authorisation plug-in: http://github.com/DocSavage/rails-authorization-plugin

Rails authorization plugins

We are evaluating plugins for Authorization in Rails. The two at the top of our list are cancan and declarative_authorization.
I would like to get some feedback from anyone currently using either of these plugins.
The problem we are going to face with any authorization plugin is that we have a database per customer model and will need to modify the plugin to work within that model. Because of this fact I'm interested in hearing from anyone who has had to tweak the plugins at all as well.
I'm just starting to look around at the code. It seems like cancan might be a little easier to customize.
Any thoughts?
Cancan is a lighter weight plugin for smaller sites. You can see a video on railscasts.
http://railscasts.com/episodes/192-authorization-with-cancan
I've used declarative_authorization with authlogic/restful_auth for several projects. It has everything you would need. 1) Model security. 2) Controller security 3) methods available to the view to check auth.
The only frustrating thing I've run into with declarative_authorization is me not reading the rdocs.
http://railscasts.com/episodes/188-declarative-authorization
Authority
I'd suggest you also check out my new gem, Authority. Because you do the actual logic in plain Ruby classes and methods, you can check any data source you need to: different databases, static files, phases of the moon via a web request, you name it. :)
I ended up using declarative_authorization. Now it seems that auth_logic is where the community is headed.
declarative_auth would have been really simple if it wasn't for our app's multi-tenant db model. I had to modify the source a bit to make it all work, but it wasn't too tough to do, and I was pretty green when I started this project.
It seems like you really can't go wrong with any of the solutions. cancan seemed cool too but it would have needed more mods for what I was doing so I decided against it.
It's written by Ryan Bates though, which is cool. Love railscasts! :)
I know this post is old but I figured I'll update anyway because you never know.

Best plugin for creating a "friends" system/social network for latest Rails?

I'm looking for a Rails plugin that eases the development of a "friends" system or social networking system for the latest versions of Ruby on Rails.
Before anyone says it...I know, I should probably create it myself, from scratch. And I am fully capable of this (I think). I'm just looking for a good plugin that can a.) make life a bit easier for me and b.) give me some ideas for reference.
I tried to make my own authentication system, and did what I thought was okay, but then I switched to restful_authentication and realized how poor my system was in comparison.
Thanks in advance...
U might wanna try Community Engine
from the website
"CommunityEngine is a free, open-source social network plugin for Ruby on Rails applications. Drop it into your new or existing application, and you’ll instantly have all the features of a basic community site."
it uses engines, easy to change layouts or do modifications
real world example - http://www.weebabystuff.com/
another option I know is Insoshi as Chuck posted
updated : look at this blogpost http://jimneath.org/2008/04/25/building-a-social-network-site-in-rails/
-- Ed :) --
You could look into http://lovdbyless.com/
This is a free open-source Rails social networking app which should give you plenty of ideas and pointers.
Ronald
You HAVE to see this railscasts video.
try acts_as_network plugin
The only one I know of is Insoshi. I haven't used it myself, but it sounds like that's what you're looking for.
I would recommend using OpenID library for rails to handle authentication.
On top of what others have said, there's also acts_as_network. The bonus of this one is that it's a pure plugin (doesn't require engines). Not having to worry about engines is a huge plus. The downside, of course, is that it's not a full fledged social network. It's just a friending plugin for models.
You might want to checkout the Amistad gem. It looks pretty simple and it supports both Mongoid and Active Record.
For avatars I would use avatar and try will-paginate for pagination. Other than that I love can_search to make it a lot easier to search in the database.
You should also look at the other gems by technoweenie. There is a lot of great stuff there that can help you.
I've just been researching this myself and chosen to go with Bort & CommunityEngine
Bort because I am familiar with it already and it provides all you need in user authentication and basic application functionality. Community Engine because it is an Engines-based plugin and some aspects of Engines are being merged into Rails 2.3, so I know what I learn will continue to be useful, and because CommunityEngine seems more modular while lovdbyless and Insoshi seem more like complete applications and I suspect it would likely be more work to disentangle the features I want from the ones I don't. However, take that with a huge grain of salt since it is just based on high-level, quick-browse initial impressions.
If you just want an activity feed then there is the activity streams plugin

Which Rails plug in is best for role based permissions? (Please provide one nomination per answer)

I need to add role based permissions to my Rails application, and am wondering what the best plugins out there are to look into. I am currently using the RESTful authentication plugin to handle user authentication. Why is the plug in you suggest better than the other ones out there?
I've got to recommend easy_roles. It's super lightweight, and doesn't require extra tables etc.
http://github.com/platform45/easy_roles
http://gemcutter.org/gems/easy_roles
But role authentication is definitely site dependent. Different role authorization plugins suit different sites.
If you don't feel easy_roles suits your needs, check out:
http://ruby-toolbox.com/categories/rails_authorization.html
I use, and really like, role_requirement:
http://code.google.com/p/rolerequirement/
We've put role_requirement into Bort too, as it's probably the best solution out there at the moment.
I'm a very satisfied user of ACL
http://agilewebdevelopment.com/plugins/acl_system
do try it!
I recommend Rails Authorization which will work with Restful Authentication quite nicely.
