I got authlogic and acl_system2 to work together under Rails 2.3.2. authlogic provides authentication. acl_system2 provides authorization, i.e. ACLs. authlogic is very up-to-date, but acl_system2 is a bit dated. That's okay, though, because it's not the sort of thing that should need to change much.
Let me cover some of the stumbling blocks I encountered after I followed the authlogic tutorial and the acl_system2 documentation.
acl_system2 is not available as a gem. Hence, you need to install it via:

    script/plugin install git://github.com/ezmobius/acl_system2.git

If you followed the authlogic tutorial, you'll end up with the ApplicationController#current_user method being private. To work with acl_system2, it should instead be protected. Otherwise, you'll end up with this:

    You have a nil object when you didn't expect it!
    The error occurred while evaluating nil.roles (NoMethodError)

Here's what my migration looks like:

    class CreateRoles < ActiveRecord::Migration
      def self.up
        create_table :roles do |t|
          t.string :title, :null => false
        end
        add_index :roles, :title, :unique => true
        create_table :roles_users, :id => false do |t|
          t.integer :role_id, :null => false, :options => "CONSTRAINT fk_role_id_roles REFERENCES roles(id)"
          t.integer :user_id, :null => false, :options => "CONSTRAINT fk_user_id_users REFERENCES users(id)"
        end
        # Seed the role that the controllers require by default.
        Role.create :title => "admin"
      end
    end

Each of my controllers has something like:

    before_filter :require_user
    access_control :DEFAULT => 'admin'

I decided to add the following to ApplicationController as protected methods:

    def permission_denied
      render :text => "Forbidden", :status => "403 Forbidden"
    end

That way the HTTP status gets set for "Permission denied".
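
The three outcomes this setup should produce (anonymous, logged in without the admin role, admin) can be modelled in plain Ruby without Rails. This is an added example, not code from this post, authlogic or acl_system2; FakeController, User, Role, outcome_for, and the redirect for anonymous users are assumptions made for illustration.

```ruby
# Plain-Ruby model of the filter chain above. All classes here are
# constructed stand-ins, not authlogic or acl_system2 code.
Role = Struct.new(:title)
User = Struct.new(:login, :roles)

class FakeController
  DEFAULT_ROLE = 'admin' # mirrors access_control :DEFAULT => 'admin'

  def initialize(current_user)
    @current_user = current_user
  end

  # Filters run in declaration order; the first one that halts wins.
  def process
    return ['302 Found', 'redirect to login'] unless require_user
    return permission_denied unless access_allowed?
    ['200 OK', 'OK']
  end

  protected

  # protected rather than private, as acl_system2 needs per the post
  def current_user
    @current_user
  end

  def require_user
    !current_user.nil?
  end

  # Fail closed: a missing user or missing role list is denied
  # instead of raising NoMethodError on nil.roles.
  def access_allowed?
    user = current_user
    return false if user.nil? || user.roles.nil?
    user.roles.any? { |role| role.title == DEFAULT_ROLE }
  end

  def permission_denied
    ['403 Forbidden', 'Forbidden']
  end
end

# Returns [status, body] for a request made by the given user (or nil).
def outcome_for(user)
  FakeController.new(user).process
end
```
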
In order to test the above using Cucumber and Webrat, I added a feature step like:

    And the HTTP status should be "403 Forbidden"

Then, I added a step definition:

    Then /^the HTTP status should be "([^\"]*)"$/ do |status|
      response.status.should == status
    end

So far, I'm pleased :)