Role Based Security for Attributes in Rails

Question

Role Based Security for Attributes in Rails

I am looking for a plugin that provides a role-based authorization mechanism to provide read and write access to attributes. I present something like declarative_authorization strings for the white attributes of the listing of model objects. I spent some time looking around, but came up with a short one, does anyone know anything?

EDIT: I use declarative_authorization to control which users have access to which actions in the controller, but I need something similar that provides access control to the attributes of each model object. I am trying to prevent information leakage through the web API or users when creating malicious messages. I can do this through mass_assignment_authorizer, but I was hoping some plugin did this already.

+4

ruby ruby-on-rails ruby-on-rails-3 rubygems ruby-on-rails-plugins

MrEvil Mar 22 '11 at 6:15

source share

2 answers

jrhicks · Answer 1 · 2011-11-19T20:33:25+0000

CanCan Branch 2.0

https://github.com/ryanb/cancan/tree/2.0

Edit:

The continuation of CanCan is called CanCanCan.

See https://github.com/bryanrite/cancancan

fengolly · Answer 2 · 2011-03-22T07:28:26+0000

How to create a model / controller pair for each controller, and then allow each role only access to methods in the controller? Then you can do before_filter in each controller, which ensures that every user has the right to use the methods in that controller.

Role Based Security for Attributes in Rails

More articles: