Ok.. @Marnen - At the time, when looking through authentication plugins, I didn't get the impression most developers would rather use different plugins (other than Restful_Auth) nowadays.. On the other hand, I didn't quite ask and tried to figure it all out by myself while feeling like a "newbie" (till two days ago, I think), so I think now is a good time to ask and receive answers..

HJ - Thank you! Though I'm currently using aasm, your description of how to use the state_machine plugin was very helpful to my basic understanding..

Now, following also Marnen's remark (thanks again Marnen), I'm wondering.. should I replace the plugins I'm using? Restful_Authentication and AASM included? Can you guys recommend plugins you find better, and better how (no offense to other plugins of course)? Also, are they Rails 3 compatible (I'm currently using InstantRails with Rails 2.3.5, but considering moving to Rails 3 when it's a stable version..)?

Thanks again :)

Best,
tino.

From: H.J. Blok
Date: Wed, 2 Jun 2010 04:46:31 -0700 (PDT)

I can share my solution, maybe you can find the corresponding methods for AASM...

For example, when you have an Article, you define a before_transition within the state definition. The before_transition uses the method is_authorized_for? to determine if the user is authorized for the transition.

    class Article < ActiveRecord::Base
      state_machine :initial => :unpublished do
        # Check authorization before every transition
        before_transition all => all do |article, transition|
          article.is_authorized_for?(transition)
        end

        event :publish do
          transition :unpublished => :published
        end

        event :unpublish do
          transition :published => :unpublished
        end

        state :unpublished
        state :published
      end

      ...

      # Method to check if user is authorized to do state transition
      def is_authorized_for?(transition)
        permitted_to?(transition.event.to_sym)
      end
    end

In your authorization_rules.rb you will have something like this:

    authorization do
      role :admin do
        has_permission_on [:articles], :to => [:publish, :unpublish]
      end
    end

When an authenticated user tries to alter the state of an unpublished Article, the is_authorized_for? will only return true if the user has the :admin role.

Hope this helps...
--
Posted via http://www.ruby-forum.com/.

On Jun 2, 3:34 pm, Marnen Laibow-Koser <li...@ruby-forum.com> wrote:
> A little off topic, but...get rid of restful_authentication as soon as
> possible! It fills your User model with unmaintainable generated code,
> and should never ever be used now that better alternatives exist. I use
> Authlogic; others seem to like Devise.
>
> Best,
> --
> Marnen Laibow-Koser
> http://www.marnen.org
> mar...@marnen.org
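
The pattern from H.J. Blok's message (an authorization check that runs before every state transition), as an added plain-Ruby example that is not code from the thread or from the state_machine, AASM or declarative_authorization plugins. `RULES`, `TRANSITIONS`, `User`, `NotAuthorized`, `authorized_for?` and `fire` are hypothetical names, and the user is passed in explicitly rather than taken from a current-user context; the check denies by default when the user, role or event is missing.

```ruby
# Added example: plain Ruby, no Rails. All names here are hypothetical
# stand-ins for the authorization rules and state machine in the thread.
require "set"

# Role => events that role may trigger (mirrors authorization_rules.rb).
RULES = { admin: Set[:publish, :unpublish] }.freeze

# Event => [from_state, to_state] (mirrors the state_machine definition).
TRANSITIONS = {
  publish:   [:unpublished, :published],
  unpublish: [:published, :unpublished]
}.freeze

User = Struct.new(:name, :roles)

class NotAuthorized < StandardError; end

class Article
  attr_reader :state

  def initialize
    @state = :unpublished
  end

  # Fail closed: a nil user, a user without roles, or a role with no
  # rule for this event are all denied.
  def authorized_for?(user, event)
    return false if user.nil?
    Array(user.roles).any? { |role| RULES.fetch(role, Set.new).include?(event) }
  end

  # Runs the authorization check before touching state, the role the
  # before_transition callback plays in the thread's Article model.
  def fire(event, user)
    from, to = TRANSITIONS.fetch(event) { raise ArgumentError, "unknown event #{event}" }
    raise NotAuthorized, "#{event} denied" unless authorized_for?(user, event)
    return false unless @state == from # event not valid in the current state
    @state = to
    true
  end
end
```

Keeping the check in the model means every caller that changes state goes through it, not only the controller actions that remember to ask.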