Rubygem
Description: A Ruby on Rails plugin that provides fine grained access control to RESTful resources in a Ruby on Rails 2.0+ project.

RESTful_Authentication_example

Basic RESTful_Authentication / RESTful_ACL example start to finish.

Install RESTful_Authentication and RESTful_ACL plugins

cd vendor/plugins/
git clone git://github.com/technoweenie/restful-authentication.git
sudo gem install mdarby-restful_acl

Generate, migrate, start server

script/generate authenticated user sessions
rake db:migrate
script/server

Go to http://localhost:3000/users/new

Generate a resource named ‘Page’ as an example object:

script/generate resource Page title:string
rake db:migrate

Add the following to your app/controllers/application.rb controller file:

include AuthenticatedSystem

Add the following routes to the top of config/routes.rb:

  # For RESTful_Authentication
  map.activate '/activate/:activation_code', :controller => 'users', :action => 'activate', :activation_code => nil
  map.signup '/signup', :controller => 'users', :action => 'new'
  map.login '/login', :controller => 'sessions', :action => 'new'
  map.logout '/logout', :controller => 'sessions', :action => 'destroy'
  # For RESTful_ACL
  map.error '/error', :controller => 'sessions', :action => 'error'
  map.denied '/denied', :controller => 'sessions', :action => 'denied'

Example: app/views/sessions/error.html.erb

<h1 style='color:red'>ERROR!!!</h1>

Example: app/views/sessions/denied.html.erb

<h1 style='color:red'>Access Denied!</h1>

Add the following to app/views/layouts/application.html.erb:

<p style="color: green"><%= flash[:notice] %></p>
<p style="color: red"><%= flash[:error] %></p>
<% if logged_in? %>
  Currently logged in: <%= current_user.login unless current_user.blank? %><br />
  <%= link_to 'Log Out', logout_url %>
<% else %>
  <%= link_to 'Log In', login_url %>
<% end %>

Add these RESTful_ACL methods to your app/models/page.rb file:

# Please note that the contents of these methods are completely arbitrary.
# So long as they return a boolean true/false, they may contain anything you wish.

belongs_to :author, :foreign_key => 'created_by_id', :class_name => 'User'

def is_updatable_by(user)
  user.eql?(author)
end

def is_deletable_by(user)
  user.eql?(author)
end

def self.is_readable_by(user, object = nil)
  true
end

def self.is_creatable_by(user)
  # The User model has no logged_in? method (that helper lives in the
  # controller); a logged-in user is simply one that is present, not nil/false.
  !user.blank?
end

Add the two lines below to app/controllers/pages_controller.rb. The first line forces a user to log in before editing, creating, or deleting a Page. The second line tells RESTful_ACL to check permission when performing these restricted actions. Keep them in this order, so that login_required runs first and has_permission? always sees a logged-in current_user:

before_filter :login_required, :except => ["index", "show"]
before_filter :has_permission?, :except => ["index", "show"]

Now your application is ready to test. A user who is not logged in cannot create a new Page, and an existing Page can only be edited or deleted by its author.
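To see how the four model hooks above map onto the RESTful actions and what the outcome is for each kind of caller, here is an added example in plain Ruby (not RESTful_ACL's own code, and not from this page): a stand-in Page class carrying the same hooks, and an assumed Acl.permitted? dispatcher that denies any action it does not recognise.

```ruby
# Added example, not RESTful_ACL's code. Assumed names: User, Page, Acl,
# ACTION_HOOKS. nil stands in for an anonymous (not logged in) visitor.
User = Struct.new(:login)

class Page
  attr_reader :title, :author

  def initialize(title, author)
    @title, @author = title, author
  end

  # Instance hooks: only the author may change or remove a page.
  def is_updatable_by(user)
    user.eql?(author)
  end

  def is_deletable_by(user)
    user.eql?(author)
  end

  # Class hooks: anyone may read; only a present (logged-in) user may create.
  def self.is_readable_by(user, object = nil)
    true
  end

  def self.is_creatable_by(user)
    !user.nil?
  end
end

module Acl
  # Which hook guards which controller action (mirrors the RESTful routes).
  ACTION_HOOKS = {
    'index' => :read,   'show'   => :read,
    'new'   => :create, 'create' => :create,
    'edit'  => :update, 'update' => :update,
    'destroy' => :delete
  }.freeze

  # True only when the model hook explicitly returns true. Unknown actions,
  # missing records, and non-boolean hook results are all denied (fail closed).
  def self.permitted?(action, user, klass, object = nil)
    case ACTION_HOOKS[action]
    when :read   then klass.is_readable_by(user, object) == true
    when :create then klass.is_creatable_by(user) == true
    when :update then !object.nil? && object.is_updatable_by(user) == true
    when :delete then !object.nil? && object.is_deletable_by(user) == true
    else false
    end
  end
end
```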

Last edited by mdarby, Thu Nov 27 07:43:31 -0800 2008