Simple Access Control: First Release

Posted by Mathew Abonyi Fri, 28 Jul 2006 17:29:00 GMT

In keeping with my promise from the previous post on acl_system2 and the new access control system I created, I’ve released it as a plugin:

script/plugin install http://mabs29.googlecode.com/svn/trunk/plugins/simple_access_control

Its usage is very intuitive:

class ApplicationController < ActionController::Base
  access_rule 'admin', :only => :create
  access_rule 'moderator || admin', :only => :new
end

Treat it just like a before filter. Your rules are composed of role titles, so you need a Role model with a has_and_belongs_to_many relationship to your user model (you may name your user model anything you like, but it is vital that your controllers have an accessor called current_user). You also get a few freebies: restrict_to(rule, &block), has_permission?(rule, user = current_user), and two backward-compatible commands for acl_system2 users: access_control and permit?.

If you need more pointers, all of this is explained in the README.
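As an added example (not the plugin's own code and not from its README), here is a small evaluator for rule strings like the ones above. It assumes only that a user responds to roles and each role to title; the Role and User structs and the three sample users are constructed stand-ins for the ActiveRecord models, and has_permission?/restrict_to reuse the post's helper names with bodies written here. It goes beyond the post's '||' example by also accepting '&&', '!' and parentheses, rejects any other character in a rule string instead of handing the string to eval, fails closed when there is no current user, and skips a role whose title is blank rather than crashing on it.

```ruby
# Added example, not the plugin's own code. Assumptions: a user object
# responds to #roles, each role to #title; Role/User below are constructed
# stand-ins. Grammar: role titles joined by '||' and '&&', with '!' and
# parentheses. Hand-written parser, so a rule string can only name roles.

Role = Struct.new(:title)
User = Struct.new(:login, :roles)

class RuleError < StandardError; end

class RoleRule
  # One operator or identifier at a time, leading whitespace skipped.
  TOKEN = /\s*(\|\||&&|!|\(|\)|[A-Za-z_][A-Za-z0-9_]*)/

  def initialize(rule)
    @tokens = tokenize(rule)
  end

  # True only if the rule holds for the user's role titles. A nil user
  # (nobody logged in) is always denied; blank titles are ignored.
  def permits?(user)
    return false if user.nil?
    titles = user.roles.map { |r| r.title.to_s.strip.downcase }.reject(&:empty?)
    @pos = 0
    result = parse_or(titles)
    raise RuleError, "unexpected #{peek.inspect} at end of rule" unless peek.nil?
    result
  end

  private

  def tokenize(rule)
    tokens = []
    rest = rule.to_s
    until rest.strip.empty?
      m = TOKEN.match(rest)
      # A match that does not start at offset 0 means an illegal character.
      raise RuleError, "bad character in rule #{rule.inspect}" unless m && m.begin(0) == 0
      tokens << m[1]
      rest = m.post_match
    end
    tokens
  end

  def peek;    @tokens[@pos]; end
  def advance; tok = @tokens[@pos]; @pos += 1; tok; end

  # or-expr := and-expr ('||' and-expr)*
  def parse_or(titles)
    value = parse_and(titles)
    while peek == '||'
      advance
      rhs = parse_and(titles)   # always parsed, so no tokens are skipped
      value = value || rhs
    end
    value
  end

  # and-expr := not-expr ('&&' not-expr)*
  def parse_and(titles)
    value = parse_not(titles)
    while peek == '&&'
      advance
      rhs = parse_not(titles)
      value = value && rhs
    end
    value
  end

  # not-expr := '!' not-expr | atom
  def parse_not(titles)
    if peek == '!'
      advance
      return !parse_not(titles)
    end
    parse_atom(titles)
  end

  # atom := '(' or-expr ')' | role-title
  def parse_atom(titles)
    tok = advance
    case tok
    when '('
      value = parse_or(titles)
      raise RuleError, "missing ')'" unless advance == ')'
      value
    when nil, '||', '&&', ')'
      raise RuleError, "unexpected #{tok.inspect}"
    else
      titles.include?(tok.downcase)
    end
  end
end

# Same names as the post's helpers; the bodies are this example's own.
def has_permission?(rule, user)
  RoleRule.new(rule).permits?(user)
end

def restrict_to(rule, user)
  yield if has_permission?(rule, user)
end

# Constructed sample users (not from the post); MOD carries a blank-title role.
ADMIN = User.new('scott', [Role.new('admin')])
MOD   = User.new('mod',   [Role.new('moderator'), Role.new('')])
GUEST = User.new('guest', [Role.new('guest')])
```

Calling has_permission?('user || admin', ADMIN) returns true, has_permission?('moderator || admin', GUEST) returns false, and has_permission?('admin', nil) returns false without touching any role. A malformed rule such as 'admin; foo' raises RuleError at construction time, which is the behaviour you want from a filter that guards controller actions: a typo in a rule should fail loudly at boot rather than silently grant or deny.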

Posted in  | 24 comments | 6 trackbacks

Comments

  1. Markus said 3 days later:

I like it very much but I still have a problem using it: this rule works: access_rule 'admin', :only => :adminzone But now I want that the admin can access the userzone, too. But the role doesn’t work: access_rule 'user || admin', :only => :userzone I hope you can help me ;-)

  2. Mathew Abonyi said 3 days later:

    Markus, thanks for pointing that out. I must’ve forgotten to test my regexp. If you update your version of Simple Access Control, everything should work fine.

  3. Markus said 4 days later:

    Thanks Mathew for fixing it. Now it works just perfect :-)

  4. Evan said 4 days later:

    hi! great plugin fix! i’m planning to extend it to allow access control inheritance for parent roles. but i can’t seem to get a hold of it. opensvn.csie.org has been down for quite a while now.

  5. Mathew Abonyi said 5 days later:

    Thanks for the heads up. I’ll be moving the plugins to code.google.com soon enough.

  6. Markus said 5 days later:

Unfortunately I have another problem since moving to the fixed version. Now the protected action permission_denied doesn’t work anymore. Where can the problem be? I hope you can help me again because I’m new to rails and especially to debugging it on my own.

  7. Mathew Abonyi said 5 days later:

    That is beginning to sound like it is out of my hands, unfortunately. Have you tried asking on #rubyonrails @ irc.freenode.net? If you are on Mac OS X, pick up Colloquy and check it out (I’m on there as mabs29).

    To offer some quick advice, the protected permission_denied method is only called if your controller responds to it. If you think it is a public/protected/private problem, fiddle with the declarations in both your controller and vendor/plugins/simple_access_control/lib/simple_access_control.rb.

    Good luck!

  8. scott said 5 days later:

    Hi, Mathew

    great work on the plugin.

I have installed and updated the database as required, and have linked a user to a role of admin.

    however when I put the rule [ access_rule 'admin', :only => :index ] in my account controller, the page just returns a blank page.

    Is this a bug or have I missed a stage, should I have used script/generate to create any extra views / controllers?

    thanks Scott

  9. Mathew Abonyi said 5 days later:

    If you aren’t the admin, it will have returned false to the before_filter, halting the execution of your controller. You need to define a permission_denied protected method in your ApplicationController if you don’t want a blank.

In the coming revision, I will have a default for permission_denied and granted:

    def permission_granted
    end

    def permission_denied
      render :text => 'Permission Denied'
    end

    Hope that helps.

  10. Scott said 6 days later:

    hi,

    thanks for the help, but I have set it up so it should allow me to access the page.

my users table has a user with id => 1 and login => scott

    roles table has id => 1 title => admin

    roles_users role_id => 1 user_id => 1

    my account class has the following

access_rule 'admin', :only => :index

  11. Mathew Abonyi said 6 days later:

Do you have 'has_and_belongs_to_many :roles' in your User model?

    Also, are you migrating from acl_system2 or approaching this plugin afresh?

    Note: I didn’t want to step on Ezra’s toes, since he provided a very nice plugin that I used for a while, but it sounds like I should make the install script create a working setup and repeat any necessary documentation from his plugin in my README. If there are steps you followed that I didn’t list or aren’t in Ezra’s plugin, please let me know so I can include them in the next revision.

  12. Scott said 7 days later:

    Hi,

    No, I didn’t have the relationship set up in the user model. All working now.

I haven’t used the acl_system before so came straight to simple_access_control.

    I believe adding the above to your documentation could be useful for other users.

    Thanks for your help, Scott

  13. Evan said 8 days later:

    Something’s weird here. I’ve defined permission_denied on my ApplicationController to redirect to the home page, but when I try to browse a page under access control, I only see a blank page. It does work when access is permitted, but not when denied. Any help on this? Thanks.

  14. Markus said 15 days later:

I still have the same problem as Evan. If somebody has fixed it, please comment how you’ve done it.

  15. Mathew Abonyi said 16 days later:

    Only got around to it now. The reason it never surfaced in my application was, quite simply, I always required a person to be logged in first. I made an update which calls permission_denied if you are not logged in—the reason for this is that current_user is required for checking permissions.

    If you have a guest account, I suggest all newcomers are automatically given the user ‘anonymous’ or ‘guest’. You’ll have to give all real users the ‘user’ role and then you can filter out anonymous/user/admin appropriately.

    Hope that all solves your problems, Markus and Evan.

  16. Bonfire of the evanities » Blog Archive » So para programadores do Rails said 5 months later:

    [...] simple_access_control – A nice user authorization extension for the acts_as_authenticated plugin. Simple, but efficient and elegant, just the way I like things. (That’s why I love Rails.) [...]

  17. Dustin S. said 6 months later:

    Just a note, if you wish to have true join models:

User:
      has_many :rights
      has_many :roles, :through => :rights

    This works just as well. And rights is just a join table with a user_id and role_id. Can name rights whatever you wish as well.

  18. Mathew Abonyi said 6 months later:

    Good one, Dustin. I forgot to note that adding rights is pretty straightforward for SimpleAccessControl, though I personally haven’t needed to add that functionality yet.

  19. Valery said 9 months later:

    can’t get it running.

    BTW, in the README stated: “SimpleAccessControl is a streamlined”, but it doesn’t look to be equipped with two most important views/controllers for this. Indeed, there is no page to manipulate roles, no page to manipulate users.

    this plugin is not for newbies, but the bigger guys seem to able to write ACL stuff like this on their own, so what’s the point? ;)

  20. Lucas said 11 months later:

    Valery: It’s so “bigger guys” don’t have to repeat each other (DRYAO). Besides, assigning roles to users is something that’s usually very tied to the nature of your application, so default controllers wouldn’t make much sense.

  21. Cal Atiyeh said about 1 year later:

This plugin is the most straightforward and efficient (low weight) access control ever made, I love it.

  22. Jenman said about 1 year later:

    When I try to use this plugin, I get a:

    uninitialized constant User::Role

    error. There’s no Role model of course, so where is that supposed to come from?

    This plugin needs a little setup how-to…not enough documentation.

  23. Cham said about 1 year later:

    I have been using your simple_access_control plugin successfully until I checked my code out on a different machine (same ruby version and rails is frozen to 1.2.3) now I get errors. I wonder if you could point me in the right direction as to what is wrong?

    If you have time I would be very thankful.

CODE: <% restrict_to 'admin || manager || report_viewer' do %> <% end %>

    ERROR: ./script/../config/../vendor/plugins/simple_access_control/lib/simple_access_control.rb:123:in `check': You have a nil object when you didn't expect it! The error occurred while evaluating nil.downcase

    STACK:
      vendor/plugins/simple_access_control/lib/simple_access_control.rb:107:in `process'
      vendor/rails/activerecord/lib/active_record/associations/association_proxy.rb:123:in `map'
      vendor/rails/activerecord/lib/active_record/associations/association_proxy.rb:123:in `send'
      vendor/rails/activerecord/lib/active_record/associations/association_proxy.rb:123:in `method_missing'
      vendor/rails/activerecord/lib/active_record/associations/has_and_belongs_to_many_association.rb:91:in `method_missing'
      vendor/plugins/simple_access_control/lib/simple_access_control.rb:123:in `check'
      (eval):1:in `process'
      (eval):2:in `send'
      (eval):2:in `restrict_to'
      #{RAILS_ROOT}/app/views/account/index.rhtml:19:in `_run_rhtml_47app47views47account47index46rhtml'
      -e:4:in `load'
      -e:4

    ——

    CODE: access_rule 'data_entry || manager || admin'

    ERROR: vendor/plugins/simple_access_control/lib/simple_access_control.rb:123:in `check': You have a nil object when you didn't expect it! The error occurred while evaluating nil.downcase

    STACK:
      vendor/plugins/simple_access_control/lib/simple_access_control.rb:107:in `process'
      vendor/rails/activerecord/lib/active_record/associations/association_proxy.rb:123:in `map'
      vendor/rails/activerecord/lib/active_record/associations/association_proxy.rb:123:in `send'
      vendor/rails/activerecord/lib/active_record/associations/association_proxy.rb:123:in `method_missing'
      vendor/rails/activerecord/lib/active_record/associations/has_and_belongs_to_many_association.rb:91:in `method_missing'
      vendor/plugins/simple_access_control/lib/simple_access_control.rb:123:in `check'
      (eval):1:in `process'
      -e:4:in `load'
      -e:4

  24. Cham said about 1 year later:

Okay, finally worked this out: I had a role which has an empty string for the title. Makes sense now looking at the error!!
