Questions tagged [declarative-authorization]

The declarative authorization plugin offers an authorization mechanism for Ruby inspired by RBAC. The most notable distinction from other authorization plugins is the declarative approach. That is, authorization rules are not defined programmatically in between business logic but in an authorization configuration.

Declarative authorization is an example of externalized authorization whereby business logic is cleanly decoupled from authorization logic. The latter can therefore be updated independently.

Declarative authorization benefits include:

  • easier to audit
  • easier to maintain

Other means to achieve externalized authorization include policy-based .

129 questions
18
votes
5 answers

Protect sensitive attributes with declarative_authorization

What's a cool way to protect attributes by role using declarative_authorization? For example, a user can edit his contact information but not his role. My first inclination was to create multiple controller actions for different scenarios. I…
jrhicks
11
votes
2 answers

Is devise compatible with declarative_authorization?

Just asking whether devise authentication mechanism for Rails does not conflict with declarative_authorization. Maybe someone tried this combo and can share their knowledge, so I and other coders do not waste time trying to tie these ones up.
BlackTea
8
votes
1 answer

Ruby: Declarative_authorization polymorphic associations

I have two models (Item and Theme). They are both owned by a third model Users with a has_many association (User has many Themes and Items). Both Item and Theme have_many :images. The Image model is a polymorphic association so the table has the…
8
votes
1 answer

declarative_authorization and namespaces

Do you know - can declarative_authorization control access to namespace'd resources or not? I've tried something like has_permission_on [:admin, :users], :to => [:index, :show, :new, :create, :edit, :update, :destroy, :search] but it's not working…
Alexey Poimtsev
7
votes
1 answer

if_attribute on declarative authorization

I have a many-to-many relationship like this: A user has_many organizations through affiliations and vice-versa. I'm using declarative organizations and I only want a user to edit a particular organization if he is affiliated and the affiliationtype…
Victor Martins
7
votes
3 answers

Rails: Undefined method 'to_sym'

I'm getting the following error in my deployed Rails 2.3.5 application: NoMethodError (undefined method `to_sym' for nil:NilClass): My local testing install of the application, which uses Sqlite, doesn't get the error, but my deployed app running…
Eric K
5
votes
2 answers

Declarative authorization and the if_attribute not working

I've been having almost the same issues as Victor Martins (you can see the questions asked here). I've got declarative authorization working for just about everything that doesn't involve using conditionals. E.g. has_permission_on :users, :to =>…
4
votes
1 answer

Fix N+1 query in "declarative_authorization" gem using gem "bullet"

Currently I am working on one big web application and to make it work faster I decided to refactor all N+1 queries (to decrease number of requests to database, http://rails-bestpractices.com/posts/29-fix-n-1-queries). So I installed gem "bullet"…
4
votes
2 answers

Declarative Authorization with a permissions join table

Users have permission to manage articles for particular combinations of location and category. For example Dave may be allowed to manage HR articles for Paris. Paul may be allowed to manage Business articles for London. The models and their…
marc
3
votes
0 answers

Are there any role-based declarative authorization frameworks for rich browser-based JavaScript web apps?

Before I say anything else: yes, I know authorization needs to be done on the server-side. Even so, the client-side app still has to hide the GUI elements that don't apply to the logged-in user. Having said that, here's the question: are there any…
thvo
3
votes
1 answer

How to set up declarative_authorization for every user

I have these two models: class Photo < ActiveRecord::Base belongs_to :user end class User < ActiveRecord::Base has_many :photos end and this set up of declarative_authorization for a role: role :reg_ser do has_permission_on :photos, :to…
user984621
3
votes
1 answer

How to pass through parameters during Devise login

How do I pass parameters during the Devise sign-in process? I have a collection of users, each with their own profile page. I want them to be able to view their own profile page but none of the other users' profile pages, unless they're an admin in…
Lester Peabody
3
votes
1 answer

Declarative_authorization doesn't seem to load?

I'm running bundler with rails 2.3.4. I'm trying to get declarative_authorization to work (I added it to my Gemfile). The error I'm getting is undefined local variable or method 'filter_resource_access'. I'm guessing this means that…
Steven Ou
3
votes
3 answers

Rails authorization plugins

We are evaluating plugins for Authorization in Rails. The two at the top of our list are cancan and declarative_authorization. I would like to get some feedback from anyone currently using either of these plugins. The problem we are going to…
jacklin
3
votes
2 answers

declarative_authorization permissions on roles

I'm trying to add authorization to a rather large app that already exists, but I have to obfuscate the details a bit. Here's the background: In our app we have a number of roles that are hierarchical, roughly like this: BasicUser -> SuperUser ->…
William