Ok..

@ Marnen - At the time, when looking through authentication plugins, I
didn't get the impression that most developers would rather use
different plugins (other than Restful_Auth) nowadays..
On the other hand - I didn't quite ask, and tried to figure it all out
by myself while feeling a "newbie" (till two days ago I think), so I
think now is a good time to ask and receive answers..

HJ - Thank you! Though I'm currently using aasm, your description of
how to use the state_machine plugin was very helpful to my basic
understanding..

Now following also Marnen's remark (thanks again Marnen), I'm
wondering.. should I replace the plugins I'm using?
Restful_Authentication and AASM included?

Can you guys recommend plugins you find better, and better how?
(no offense to other plugins of course) Also, are they Rails 3
compatible? (I'm currently using InstantRails with Rails 2.3.5, but
considering moving to Rails 3 when it's a stable version..)

Thanks again :)

Best,

tino.



From: H.J. Blok
Date: Wed, 2 Jun 2010 04:46:31 -0700 (PDT)

I can share my solution, maybe you can find the corresponding methods
for AASM...

For example when you have an Article, you define a before_transition
within the state definition. The before_transition uses the method
is_authorized_for? to determine if the user is authorized for the
transition.

class Article < ActiveRecord::Base
  state_machine :initial => :unpublished do
    before_transition all => all do |article, transition|
      article.is_authorized_for?(transition)
    end
    event :publish do
      transition :unpublished => :published
    end
    event :unpublish do
      transition :published => :unpublished
    end
    state :unpublished
    state :published
  end

  # ...

  # Method to check if user is authorized to do state transition
  def is_authorized_for?(transition)
    permitted_to?(transition.event.to_sym)
  end
end

In your authorization_rules.rb you will have something like this:

authorization do
  role :admin do
    has_permission_on [:articles], :to => [:publish, :unpublish]
  end
end

When an authenticated user tries to alter the state of an unpublished
Article, the is_authorized_for? will only return true if the user has
the :admin role.

Hope this helps...
--
Posted via http://www.ruby-forum.com/.
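
The guard pattern from H.J. Blok's message above, as an added example that is not part of the original thread and does not use the state_machine or declarative_authorization plugins: a plain-Ruby sketch in which a transition happens only when the acting user's role is listed for that event, and everything else is denied by default. RULES, User, Article#fire and authorized_for? are hypothetical names chosen for this illustration.

```ruby
# Added illustration in plain Ruby; neither plugin from the thread is loaded.
# RULES, User, fire and authorized_for? are hypothetical names.

# Role => events that role may trigger. Anything not listed is denied.
RULES = { :admin => [:publish, :unpublish] }.freeze

User = Struct.new(:name, :roles)

class Article
  # Event => { source state => target state }
  TRANSITIONS = {
    :publish   => { :unpublished => :published },
    :unpublish => { :published   => :unpublished }
  }.freeze

  attr_reader :state  # read-only: the state changes only through fire

  def initialize
    @state = :unpublished
  end

  # Guard playing the part of is_authorized_for? in the post.
  # No user, unknown role or unlisted event all come back false.
  def authorized_for?(user, event)
    return false if user.nil?
    user.roles.any? { |role| RULES.fetch(role, []).include?(event) }
  end

  # Fire an event on behalf of a user. Returns true only if the state changed.
  def fire(event, user)
    target = TRANSITIONS.fetch(event, {})[@state]
    return false if target.nil?                       # unknown event or wrong source state
    return false unless authorized_for?(user, event)  # guard halts the transition
    @state = target
    true
  end
end

if __FILE__ == $PROGRAM_NAME
  admin   = User.new("alice", [:admin])   # constructed sample users
  author  = User.new("bob", [:author])
  article = Article.new
  puts "author publish: #{article.fire(:publish, author)} (state #{article.state})"
  puts "admin publish:  #{article.fire(:publish, admin)} (state #{article.state})"
end
```

Because the state has no public writer here, every change passes through the guard; in a real model, any code path that writes the state column directly would skip the check.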



On Jun 2, 3:34 pm, Marnen Laibow-Koser <li...@ruby-forum.com> wrote:

> A little off topic, but...get rid of restful_authentication as soon as
> possible!  It fills your User model with unmaintainable generated code,
> and should never ever be used now that better alternatives exist.  I use
> Authlogic; others seem to like Devise.
>
> Best,
> --
> Marnen Laibow-Koser http://www.marnen.org
> mar...@marnen.org
> --
> Posted via http://www.ruby-forum.com/.
