Skip to content
Demo Rails application that uses declarative_authorization
Ruby JavaScript
Find file
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
app
config
db
doc
lib
log
public
script
test
vendor/plugins
.gitignore
.gitmodules
README.rdoc
Rakefile

README.rdoc

declarative_authorization Demo App

This Rails application serves as a demonstrator of the features of the declarative_authorization features. The declarative_authorization plugin provides an RBAC-inspired and declarative approach to authorization. It implements a DSL for specifying authorization rules outside of the program code. See the declarative_authorization README for more information.

github.com/stffn/decl_auth_demo_app

The demo app is a small conference management application, offering conference management for admins, conference and session sign up for registered users and a view of the available conferences and sessions to guests.

For easing the testing of the various roles, a simple user switcher is provided as a drop-down at the top of each page.

The declarative_authorization plugin lives at github.com/stffn/declarative_authorization

Getting Started

  • Clone the demo apps repository

    git clone git://github.com/stffn/decl_auth_demo_app.git
  • Set up the database connection data by copying and possibly modifying config/database.yml

    cp config/database.yml.example config/database.yml
  • Activate demo data, if you like

    cp db/development.sqlite3.example db/development.sqlite3
  • Initialize plugin submodules

    git submodule init
    git submodule update
  • Start server and point your browser to localhost:3000

    ./script/server
    firefox http://localhost:3000

Database Model

Conference -----* ConferenceAttendee  *------ User -.
    |                                          |    |
    |                                 (is given by) |
    *                                          |    |
  Talk *-(gives)-------------------------------'    |
    |                                               *
    `----------------------------------* TalkAttendees

Most Interesting Spots

A few tipps on where to start:

  • Controller authorization with before_filters to load context objects at app/controllers/conference_controller.rb for a standard case and app/controllers/talks_controller.rb for a nested controller.

  • Query rewriting to only retrieve those records from the database that the current user has certain privileges on in app/controllers/conferences_controller.rb in ConferencesController#index

  • Model authorization for conferences in app/models/conference.rb

  • View authorization: e.g. app/views/conferences/index.html.erb app/views/talks/index.html.erb

  • Authorization rules in config/authorization_rules.rb

  • Testing with specific roles in test/unit/conferences_test.rb for user-specific model tests, test/functional/conference_controller_test.rb for get/post/delete_with, test/test_helper.rb for the test environment setup for decl_auth

  • decl_auth requirements:

    • Controller#current_user in lib/authenticated_system.rb, which is included in ApplicationController

    • Setting Authorization.current_user for model security in app/controllers/application_controller.rb

    • A user model that responds to User#role_symbols with an Array of role symbols in app/models/user.rb

Authorization Browser

declarative_authorization comes with a browser for the application's authorization rules and usages. Have a look at the information on the demo's authorization after having started the app by pointing your browser to:

http://localhost:3000/authorization_rules

Contact

Steffen Bartsch TZI, Universität Bremen, Germany sbartsch at tzi.org

Licence

Copyright © 2008 Steffen Bartsch, TZI, Universität Bremen, Germany released under the MIT license

Something went wrong with that request. Please try again.