domain for sale $5k usd (negotiable). Em@il me t0: alex at israstage dot com

My Git activity

25 June 2008

Authorization plugin addon

Hi ppl,

If you are using Authorization plugin ( you can easily extend your ApplicationHelper with all benefits of authorization plugin.

Perhaps we have user "doomer" logged in, who have two roles > "tester" and "translator"
So regularly in some controller/action we can do:
current_user.has_role?("tester") // true
current_user.has_role?("admin") // false

and so on.
This is very nice usage of authorization stuff ! A big respect to billkatz and glenn.rempe.
However we want to ease usage of current....("admin") queries
We can do the following:
in application_helper

module ApplicationHelper
def tester?
def admin?
those methods will return true or false depends on user permission, but if we have 5+ roles ? +10 ? let me say its very dirty and wet way..

So lets do it:
open application.rb

def assign_roles
for role in Role.find(:all, :select => "name", :group => "name")
logged_in? ? r = current_user.has_role?( : r = false
c = "def #{}?() #{r} end"
ApplicationHelper.module_eval(c) "PARSED ROLE #{}"

And for the last, put before_filter :assign_roles in begin of application.rb
Thats it !!
Okay what we did here ? >>
1. return if current_user isnt logged in (plugin method)
2. find all roles & create local r with true/false, depends on permission
3. create def code for ApplicationHelper and eval it.
We created exactly the same as above sample but much more dynamic & DRY !!

Thats all, have a fun usage !!!

p.s. an authorization plugin usage/download available here:
or from GIT:

If you want those helper methods to be available to controllers(because you CANT call helper method from controller) just add:
under ApplicationHelper.module_eval(c)

This will create application controller methods (def admin? false end)


Glenn Rempe said...

Cool helper. Maybe you want to take a stab at integrating this functionality into the plugin and adding some tests? :-)

Give us a good Git patch and I'll merge it in.

Chris said...

Great method... I added it to my application.rb file and the before_filter. I have 5 primary roles so I modified your first query with...

:conditions => 'authorizable_type IS NULL'

I checked my log file and I see that it runs. But... it runs for EVERY action! Instead of just querying a role once or twice in an action, it runs 6 queries! Can this be added to a module that can extend my User model? For example, when a user logs in it just runs once and is good for the rest of the session? This would definitely cut down the number of database queries across all my users.

DJ said...

Nice tutorial about the usage of rile and plugin but you assume that we have a user doomer with 2 roles. where can we set the roles for a user so that it will reflect in the tables roles and roles_user? Is it in model or application controller?

.Net Security Authentication said...

Very informative tutorial. I think it is related to the MVC architecture.