stffn / decl_auth_demo_app

Branches (1)
- master ✓
Tags (0)

Demo Rails application that uses declarative_authorization — Read more

This URL has Read+Write access

Fixed error when user without roles is logged in

stffn (author)

Wed Nov 18 02:02:17 -0800 2009

commit 2e4db6b520834b5c1d68d762598da100d6026952
tree 7355857dcb7a6d0208e82e1c31f65c7a680c3421
parent 3c5c13b832f0672c73e35f17fe97f9f3a069275e

decl_auth_demo_app /

name	age	history message
.gitignore	Sat Nov 08 06:50:22 -0800 2008	Set up demo data [stffn]
.gitmodules	Sat Nov 08 06:29:08 -0800 2008	Added restful-authentication and declarative_au... [stffn]
README.rdoc	Thu Mar 05 11:24:31 -0800 2009	A handful of pointers into the apps code on whe... [stffn]
Rakefile	Sat Nov 08 06:18:57 -0800 2008	Initial commit [stffn]
app/	Wed Nov 18 02:02:17 -0800 2009	Fixed error when user without roles is logged in [stffn]
config/	Wed Nov 18 01:43:34 -0800 2009	Switching to Rails 2.3.4 [stffn]
db/	Sun Jun 14 04:16:20 -0700 2009	changed require in add first user migration to ... [Ben Carpenter]
doc/	Sat Nov 08 06:18:57 -0800 2008	Initial commit [stffn]
lib/	Fri Feb 13 12:33:13 -0800 2009	Activated model security throughout the demo ap... [stffn]
log/	Sat Nov 08 06:55:54 -0800 2008	Forcing git to create log dir [stffn]
public/	Fri Feb 13 11:15:19 -0800 2009	Fixed forced login [stffn]
script/	Sat Nov 08 06:18:57 -0800 2008	Initial commit [stffn]
test/	Wed Nov 18 02:02:17 -0800 2009	Fixed error when user without roles is logged in [stffn]
vendor/	Wed Nov 18 01:46:03 -0800 2009	Updating decl_auth [stffn]

README.rdoc

declarative_authorization Demo App

This Rails application serves as a demonstrator of the features of the declarative_authorization features. The declarative_authorization plugin provides an RBAC-inspired and declarative approach to authorization. It implements a DSL for specifying authorization rules outside of the program code. See the declarative_authorization README for more information.

github.com/stffn/decl_auth_demo_app

The demo app is a small conference management application, offering conference management for admins, conference and session sign up for registered users and a view of the available conferences and sessions to guests.

For easing the testing of the various roles, a simple user switcher is provided as a drop-down at the top of each page.

The declarative_authorization plugin lives at github.com/stffn/declarative_authorization

Getting Started

Clone the demo apps repository

  git clone git://github.com/stffn/decl_auth_demo_app.git

Set up the database connection data by copying and possibly modifying config/database.yml
```
  cp config/database.yml.example config/database.yml
```

Activate demo data, if you like

  cp db/development.sqlite3.example db/development.sqlite3

Initialize plugin submodules

  git submodule init
  git submodule update

Start server and point your browser to localhost:3000

  ./script/server
  firefox http://localhost:3000

Database Model

  Conference -----* ConferenceAttendee  *------ User -.
      |                                          |    |
      |                                 (is given by) |
      *                                          |    |
    Talk *-(gives)-------------------------------'    |
      |                                               *
      `----------------------------------* TalkAttendees

Most Interesting Spots

A few tipps on where to start:

Controller authorization with before_filters to load context objects at app/controllers/conference_controller.rb for a standard case and app/controllers/talks_controller.rb for a nested controller.
Query rewriting to only retrieve those records from the database that the current user has certain privileges on in app/controllers/conferences_controller.rb in ConferencesController#index
Model authorization for conferences in app/models/conference.rb
View authorization: e.g. app/views/conferences/index.html.erb app/views/talks/index.html.erb
Authorization rules in config/authorization_rules.rb
Testing with specific roles in test/unit/conferences_test.rb for user-specific model tests, test/functional/conference_controller_test.rb for get/post/delete_with, test/test_helper.rb for the test environment setup for decl_auth
decl_auth requirements:
- Controller#current_user in lib/authenticated_system.rb, which is included in ApplicationController
- Setting Authorization.current_user for model security in app/controllers/application_controller.rb
- A user model that responds to User#role_symbols with an Array of role symbols in app/models/user.rb

Authorization Browser

declarative_authorization comes with a browser for the application’s authorization rules and usages. Have a look at the information on the demo’s authorization after having started the app by pointing your browser to:

  http://localhost:3000/authorization_rules

Contact

Steffen Bartsch TZI, Universität Bremen, Germany sbartsch at tzi.org