-
Notifications
You must be signed in to change notification settings - Fork 2
/
TODO
51 lines (40 loc) · 1.48 KB
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
Remove/Configure password_confirmation
Replaces SHA1 with SecureRandom
Overall
! Add Tests
Controller
? Update how restrict_to works so that it can be ignored in subclasses
Model
? Allow custom validation msg for role and priv validations
! Revisit mixin for role/priv/role_priv/forgot_pass/forgot_pass_mailer
Ideas
* Signup hooks and options
* Account activation
* Object level privileges
* Attribute level privileges
? controller/action privileges
* Profile options
* Preferences system
? view helpers (link_to, form_for, etc...)
? Syntax for asking for permission a & b (not just or)
? Users can belong to many roles
? can_xxx? helpers for privileges
Object level privileges
http://agilewebdevelopment.com/plugins/scoped_access
Remember Me/Signup/Forgot Password/Activation
http://svn.rails-engines.org/plugins/login_engine/
http://svn.rails-engines.org/plugins/user_engine/
Privilege Syntax
http://agilewebdevelopment.com/plugins/simple_access_control
uses "admin || manager" style syntax
adds has_permission? helper on view
http://opensvn.csie.org/ezra/rails/plugins/dev/acl_system2/
uses "admin || manager" style syntax
adds has_permission? helper on view
Privilege
http://activeacl.rubyforge.org/
has object level permissions
you can explicitely deny users privileges (not sure if i like this)
seems very complex, and the API does not seem very easy
https://activerbac.turingstudio.com/
http://www.writertopia.com/developers/authorization