问题
I just wanted to compare different solutions used when implementing ACLs in Rails.
回答1:
I use the authorization plugin (Created by Bill Katz):
Roles can be authorized for the entire application, a model class, or a specific object. The plugin provides a way of checking authorization at the class or instance method level using permit and permit? methods. It also provides english-like dynamic methods like "user.is_manager_of project" (where "user" acts as authorized, "manager" is a role, and "project" is an authorizable model). You can specify how control is redirected if authorization is denied. (quote source)
Homepage: http://www.writertopia.com/developers/authorization
Docs: http://github.com/DocSavage/rails-authorization-plugin/tree/master/authorization/README.rdoc
You might also be interested in reading this comparison (from last year but still somewhat useful; it's where I got the above quote from): http://www.vaporbase.com/postings/Authorization_in_Rails
And a more recent comparison: http://steffenbartsch.com/blog/2008/08/rails-authorization-plugins/
回答2:
The best I've found is role_requirement. It plugs straight into the restful_authentication plugin.
回答3:
There's a plugin called acl_system2 which operates by having a users table and a roles table. There's a lot more useful information in the README and the project is on github too.
来源:https://stackoverflow.com/questions/118247/whats-the-best-way-to-implement-acls-to-a-rails-application