Every repository with this icon (
) is private.
Every repository with this icon (
) is public.
| name | age | message | |
|---|---|---|---|
 |
.gitignore | Sat Nov 08 06:50:22 -0800 2008 | |
| |
.gitmodules | Sat Nov 08 06:29:08 -0800 2008 | |
| |
README.rdoc | Thu Mar 05 11:24:31 -0800 2009 | |
| |
Rakefile | Sat Nov 08 06:18:57 -0800 2008 | |
 |
app/ | Wed Aug 19 03:58:14 -0700 2009 | |
| |
config/ | Mon Oct 12 13:41:59 -0700 2009 | |
| |
db/ | Sun Jun 14 04:16:20 -0700 2009 | |
| |
doc/ | Sat Nov 08 06:18:57 -0800 2008 | |
| |
lib/ | Fri Feb 13 12:33:13 -0800 2009 | |
| |
log/ | Sat Nov 08 06:55:54 -0800 2008 | |
| |
public/ | Fri Feb 13 11:15:19 -0800 2009 | |
| |
script/ | Sat Nov 08 06:18:57 -0800 2008 | |
| |
test/ | Thu Mar 05 12:42:00 -0800 2009 | |
| |
vendor/ | Mon Sep 14 02:06:39 -0700 2009 |
declarative_authorization Demo App
This Rails application serves as a demonstrator of the features of the declarative_authorization features. The declarative_authorization plugin provides an RBAC-inspired and declarative approach to authorization. It implements a DSL for specifying authorization rules outside of the program code. See the declarative_authorization README for more information.
github.com/stffn/decl_auth_demo_app
The demo app is a small conference management application, offering conference management for admins, conference and session sign up for registered users and a view of the available conferences and sessions to guests.
For easing the testing of the various roles, a simple user switcher is provided as a drop-down at the top of each page.
The declarative_authorization plugin lives at github.com/stffn/declarative_authorization
Getting Started
- Clone the demo apps repository
git clone git://github.com/stffn/decl_auth_demo_app.git
- Set up the database connection data by copying and possibly modifying
config/database.yml
cp config/database.yml.example config/database.yml
- Activate demo data, if you like
cp db/development.sqlite3.example db/development.sqlite3
- Initialize plugin submodules
git submodule init git submodule update
- Start server and point your browser to localhost:3000
./script/server firefox http://localhost:3000
Database Model
Conference -----* ConferenceAttendee *------ User -.
| | |
| (is given by) |
* | |
Talk *-(gives)-------------------------------' |
| *
`----------------------------------* TalkAttendees
Most Interesting Spots
A few tipps on where to start:
- Controller authorization with before_filters to load context objects at app/controllers/conference_controller.rb for a standard case and app/controllers/talks_controller.rb for a nested controller.
- Query rewriting to only retrieve those records from the database that the current user has certain privileges on in app/controllers/conferences_controller.rb in ConferencesController#index
- Model authorization for conferences in app/models/conference.rb
- View authorization: e.g. app/views/conferences/index.html.erb app/views/talks/index.html.erb
- Authorization rules in config/authorization_rules.rb
- Testing with specific roles in test/unit/conferences_test.rb for user-specific model tests, test/functional/conference_controller_test.rb for get/post/delete_with, test/test_helper.rb for the test environment setup for decl_auth
- decl_auth requirements:
- Controller#current_user in lib/authenticated_system.rb, which is included in ApplicationController
- Setting Authorization.current_user for model security in app/controllers/application_controller.rb
- A user model that responds to User#role_symbols with an Array of role symbols in app/models/user.rb
Authorization Browser
declarative_authorization comes with a browser for the application’s authorization rules and usages. Have a look at the information on the demo’s authorization after having started the app by pointing your browser to:
http://localhost:3000/authorization_rules
Contact
Steffen Bartsch TZI, Universität Bremen, Germany sbartsch at tzi.org
Licence
Copyright © 2008 Steffen Bartsch, TZI, Universität Bremen, Germany released under the MIT license
