I am building a project management app and I am not sure which is the best/correct authentication model to implement given I am new to Rails (and programming in general). Here is what I am trying to do.

I want to be able to add a "client" to the application and then multiple projects to a client. I would like to be able to add users (that are essentially representatives of the client) to view that client's multiple projects but not other clients'. I intend on having controllers for time tracking, notes, comments and images all to be associated with both clients and projects of that client.

In addition, I would like to set up the account to control who is able to have one. I don't need the user to establish an account on their own.

Does that make sense?

+3  A: 

These (free) Railscasts should give you some food for thought. There are lots of great RubyGems/plugins out there for this sort of thing.

John Topley
+4  A: 

I believe what you are mentioning is called Authorization not Authentication, anyway:

I would suggest acl9 for authorization and authlogic for authentication.

khelll
Could you please elaborate on this answer? What are the reasons that you suggest acl9 and authlogic?
Jonas Söderström
+1  A: 

Restful Authentication is still the golden standard for user authentication in Ruby on Rails.

Kyle Boon
This became too old now... people moved to authlogic which is far better.
khelll
Clearance is also very good.
jonnii
+1  A: 

The Ruby Toolbox gives you an overview of tools and their popularity in the Rails community (rated by watchers and forkers on GitHub). As you can see there, the suggested plugins restful_authentication and authlogic are almost on the same level.

auralbee
+1  A: 

I have used the Authorization plug-in in the past and like it because it gives some nice meta methods such as:

  user.is_eligible_for_what   --> returns array of authorizable objects for which user has role "eligible"
  user.is_moderator_of? group --> returns true/false
  user.is_moderator_of group  --> sets user to have role "moderator" for object group.
  user.is_administrator       --> sets user to have role "administrator" not really tied to any object.

There's also a brand new RailsCast on CanCan.

Chirag Patel
A: 

I'd use AuthLogic for authentication (logging in users and making sure they are who they claim to be) and declarative_authorization for authorization (making sure they have access to resources). See Ryan Bates' excellent Railscasts on AuthLogic and restful_authentication for more info.

dvyjones
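
The access rule from the question (a client's representative may see that client's projects and no other client's), shown as an added example that is not part of any answer above. It is plain Ruby and uses none of the gems named on this page; every class, method and constant name is an assumption made for illustration.

```ruby
# Added illustration: plain Ruby, no Rails or gem APIs. All names are hypothetical.
Project = Struct.new(:id, :client_id, :title)
User    = Struct.new(:id, :client_id, :admin)

class AccessDenied < StandardError; end

class ProjectDirectory
  def initialize(projects)
    @projects = projects
  end

  # Unsafe pattern: lookup by id alone ignores who is asking, so one
  # client's user can load another client's project.
  def find_unscoped(project_id)
    @projects.find { |p| p.id == project_id }
  end

  # Projects the user may list: an admin sees all, a client representative
  # sees only rows carrying their own client_id, and a user with no client
  # assigned sees nothing (nil must never match anything).
  def visible_to(user)
    return @projects.dup if user.admin
    return [] if user.client_id.nil?
    @projects.select { |p| p.client_id == user.client_id }
  end

  # Scoped lookup: search only inside the user's visible set. A foreign id
  # and a nonexistent id fail identically, so the error does not reveal
  # which ids exist.
  def find_for(user, project_id)
    visible_to(user).find { |p| p.id == project_id } or
      raise AccessDenied, "project #{project_id} not available"
  end
end

# Constructed sample data: client 1 and client 2, one representative, one staff admin.
DIRECTORY = ProjectDirectory.new([
  Project.new(10, 1, "Website"),
  Project.new(11, 1, "Mobile app"),
  Project.new(20, 2, "Rebrand")
])
CLIENT1_REP = User.new(100, 1, false)
STAFF       = User.new(1, nil, true)

# True when the scoped lookup refuses the request.
def denied?(user, project_id)
  DIRECTORY.find_for(user, project_id)
  false
rescue AccessDenied
  true
end
```

Authentication decides which `User` is making the request; the scoped lookup is the authorization step and has to run on every read and write of a project and of anything attached to one (time entries, notes, comments, images).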