Rails: Authorization with Authlogic

Question

I need a very granular authorization system that works seamlessly with Authlogic.

I\'ve tried these gems/plugins so far:

• Lockdown
• rails_authorizat

Answer 1

Yay! As of Nov. 16, 2009, Ryan Bates has finally answered my call with a Railscast devoted to this subject!

#188 - Declarative Authorization (with Authlogic)

Thanks, Mr. Bates!

Answer 2

I think you have a typo in your first sentence. You must mean "authorization that works seamlessly with Authlogic." AuthLogic already is an authentication solution.

I think you might be struggling to find a tutorial that's specific to AuthLogic because there's no reason authorization and authentication need to be tightly coupled to one another.

Authentication answers the question: "Who is the person accessing this page?" Authorization answers the question: "What permissions does the person accessing this page have?

So the only thing your authorization needs from Authlogic is the current_user() method from your controller. For example, take the tutorial for Acl9 (http://github.com/be9/acl9/tree/master). I believe all you'll need to customize is the :subject_method part (Acl9 calls your active user the 'subject', so :subject_method needs to be set to the name of the method that returns the current user, which is :current_user if you followed the basic AuthLogic docs).