mvanholstyn / mhs_authentication_system
watch download tarball
public
Forks1Right
Watchers9Right
Description:
Homepage: http://mutuallyhuman.com
Clone URL: git://github.com/mvanholstyn/mhs_authentication_system.git
Click here to lend your support to: mhs_authentication_system and make a donation at www.pledgie.com !
100644 50 lines (39 sloc) 1.473 kb
raw blame history 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

Replaces SHA1 with SecureRandom
 
Overall
 ! Add Tests
 
Controller
 ? Update how restrict_to works so that it can be ignored in subclasses
 
Model
 ? Allow custom validation msg for role and priv validations
 ! Revisit mixin for role/priv/role_priv/forgot_pass/forgot_pass_mailer
 
Ideas
 * Signup hooks and options
 * Account activation
 * Object level privileges
 * Attribute level privileges
 ? controller/action privileges
 * Profile options
 * Preferences system
 ? view helpers (link_to, form_for, etc...)
 ? Syntax for asking for permission a & b (not just or)
 ? Users can belong to many roles
 ? can_xxx? helpers for privileges
 
Object level privileges
	http://agilewebdevelopment.com/plugins/scoped_access
 
Remember Me/Signup/Forgot Password/Activation 
	http://svn.rails-engines.org/plugins/login_engine/
	http://svn.rails-engines.org/plugins/user_engine/
 
Privilege Syntax
  http://agilewebdevelopment.com/plugins/simple_access_control
    uses "admin || manager" style syntax
    adds has_permission? helper on view
 
  http://opensvn.csie.org/ezra/rails/plugins/dev/acl_system2/
    uses "admin || manager" style syntax
    adds has_permission? helper on view
 
Privilege
  http://activeacl.rubyforge.org/
    has object level permissions
    you can explicitely deny users privileges (not sure if i like this)
    seems very complex, and the API does not seem very easy
 
	https://activerbac.turingstudio.com/
 
	http://www.writertopia.com/developers/authorization