views:

70

answers:

4

Hey guys, I am making a personal website with a blog. I'd like to have certain entries password protected like I've seen on at least one wordpress. That's no biggie. But I was wondering if there was something really flexible which will allow hidden text to be revealed after a post? For example, the public post may say, "I met my friend Bob for coffee today" but upon putting in the personal password, some text tagged as being private will be like, "Bob stinks!!" Also, I'll want different layers of privacy for friends,family members, etc. Not sure how to tie it all together but I don't even know much about the blog world in Ruby - is there anything that's extensible enough that I could put together these features myself without having to reinvent the wheel?

A: 

Ryan Bates' Cancan library is supposed to be a flexible authorization solution that may be of good help for you with implementing different layers of privacy: http://github.com/ryanb/cancan

Concerning implementation as such - I think, it's too generic a question to be answered here, and is up to you as software designer to decide on the approach.

Sergei Kozlov
A: 

i am not aware of any libraries already existing (if any at all) for above mentioned functionality; but I feel that given the above requirement; you'd need a permission framework first; to manage permissions on a granular level.

The view should be a easier thing to do, with callbacks embedded in view. (i.e. in HTML) using Jquery (or any other JS framework) and JSON. Upon successfully authenticating user, you can issue the callbacks to fetch the content to be shown using json and append it to the marked divs. OR you could fetched the "policed" content completely and show it to the user.

Priyank
+1  A: 

There are several authorization plugins for Rails that have view helpers that only display that markup when the user has appropriate access. So a family member could see Bob stinks!, but the guest would only see the public post. Javascript is probably overkill for this, unless you want to show the hidden data without refreshing the page.

acl_system2 has the restrict_to method. CanCan has the can? view helper method. Here are some other authorization gems/plugins.

coreypurcell
A: 

I agree that CanCan is a great solution for this. Used in combination with Devise it is very simple and powerful. Here's how I did it: http://www.tonyamoyal.com/2010/07/28/rails-authentication-with-devise-and-cancan-customizing-devise-controllers/

Tony