declarative_authorization Demo App¶ ↑

This Rails application serves as a demonstrator of the features of the declarative_authorization features. The declarative_authorization plugin provides an RBAC-inspired and declarative approach to authorization. It implements a DSL for specifying authorization rules outside of the program code. See the declarative_authorization README for more information.

github.com/stffn/decl_auth_demo_app

The demo app is a small conference management application, offering conference management for admins, conference and session sign up for registered users and a view of the available conferences and sessions to guests.

For easing the testing of the various roles, a simple user switcher is provided as a drop-down at the top of each page.

The declarative_authorization plugin lives at github.com/stffn/declarative_authorization

Getting Started¶ ↑

• Clone the demo apps repository

  git clone git://github.com/stffn/decl_auth_demo_app.git

• Set up the database connection data by copying and possibly modifying config/database.yml

  cp config/database.yml.example config/database.yml

• Activate demo data, if you like

  cp db/development.sqlite3.example db/development.sqlite3

• Initialize plugin submodules

  git submodule init
  git submodule update
  

• Start server and point your browser to localhost:3000

  ./script/server
  firefox http://localhost:3000

Database Model¶ ↑

Conference -----* ConferenceAttendee  *------ User -.
    |                                          |    |
    |                                 (is given by) |
    *                                          |    |
  Talk *-(gives)-------------------------------'    |
    |                                               *
    `----------------------------------* TalkAttendees

Most Interesting Spots¶ ↑

A few tipps on where to start:

• Controller authorization with before_filters to load context objects at app/controllers/conference_controller.rb for a standard case and app/controllers/talks_controller.rb for a nested controller.

• Query rewriting to only retrieve those records from the database that the current user has certain privileges on in app/controllers/conferences_controller.rb in ConferencesController#index

• Model authorization for conferences in app/models/conference.rb

• View authorization: e.g. app/views/conferences/index.html.erb app/views/talks/index.html.erb

• Authorization rules in config/authorization_rules.rb

• Testing with specific roles in test/unit/conferences_test.rb for user-specific model tests, test/functional/conference_controller_test.rb for get/post/delete_with, test/test_helper.rb for the test environment setup for decl_auth

• decl_auth requirements:

  • Controller#current_user in lib/authenticated_system.rb, which is included in ApplicationController

  • Setting Authorization.current_user for model security in app/controllers/application_controller.rb

  • A user model that responds to User#role_symbols with an Array of role symbols in app/models/user.rb

Authorization Browser¶ ↑

declarative_authorization comes with a browser for the application’s authorization rules and usages. Have a look at the information on the demo’s authorization after having started the app by pointing your browser to:

http://localhost:3000/authorization_rules

Contact¶ ↑

Steffen Bartsch TZI, Universität Bremen, Germany sbartsch at tzi.org

Licence¶ ↑

Copyright © 2008 Steffen Bartsch, TZI, Universität Bremen, Germany released under the MIT license