#385 Authorization from Scratch Part 1 pro
Oct 07, 2012 | 15 minutes | Security, Authorization
Authorization can be difficult to implement and test because it often involves complex logic that exists throughout the entire app. Here I demonstrate how to test and implement authorization from scratch.



Great episode! Anyone know what that "Randomized with seed 43829" line is? I haven't encountered that with Guard or RSpec before...
Yeah, you should find the following at the bottom of your spec/spec_helper.rb file:
This has been part of rspec for several months now, you probs just didn't notice it.
Oh, very cool! Never identified that as a potential issue, but I can see that it definitely could be. Yay rspec goodies!
It's there to ensure that your test cases are independent: that they pass regardless of the order in which they are run.
According to my Pry console, the Permission class has a class method called "members" which returns :user. I don't see where this method is defined... Does anyone know?
Members is a method that comes with Struct, which Permission inherits from in Ryan's example. http://ruby-doc.org/core-1.9.3/Struct.html
thanks
When I try to start the forum-after application (with rails s), I'm getting the following error. Does anyone know what's wrong, as in how to fix it? I did bundle install and it's not changing anything. Please note that I recently uninstalled MacPorts and the error might be associated with that, but I still don't know how to fix it.
fixed it by doing
brew uninstall node
brew install node
I am sure you will put this in Part 2, but I am implementing this in an app right now and needed a way to ensure they were an admin for the associated member they were viewing.
Then you can use the Id to fetch and check on an item if needed.
Yep, I am addressing this in part 2.
Only just checked back, and will now be watching Part 2. Can fix up my dodgy fix :)
Great Job, Ryan!
Can you please tell me why or what is the advantage of having your Permission class inherit from a Struct (class Permission < Struct.new(:user)), why a struct?
This is just a quick way to get a "user" attribute. It also saves me from having to define the "initialize" method here.
Thanks Ryan. This is so cool, I have never thought of using struct in Ruby/Rails, only in C, C++.
Also, unrelated to this. Few months ago, you sent out an email about either cutting the number of episodes/week or raising price. I can tell you that, with no hesitation, I would pay triple, even for now. Your episodes are clear, your teaching is lucid and most important of all, I like learning from you. I am more eager to see your new episodes than the new Family Guy episodes. Really thank you and keep up the outstanding work.
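The two Struct threads above (where "members" comes from, and why Permission inherits from Struct.new(:user)), as an added example that is not part of the original page or the episode's code. The allow? method, its rules, the controller names and the hash-based sample users are assumptions made up for illustration.

```ruby
# Added illustration. Only "class Permission < Struct.new(:user)" comes from
# the comments; allow? and its rules are assumed, not the episode's code.
class Permission < Struct.new(:user)
  # Deny by default: anything not explicitly listed below returns false.
  def allow?(controller, action)
    # Rules that apply to everyone, signed in or not.
    return true if controller == "sessions" && %w[new create destroy].include?(action)
    return true if controller == "topics" && %w[index show].include?(action)
    # Everything past this point requires a signed-in user.
    return false unless user
    return true if user[:admin]
    controller == "topics" && %w[new create].include?(action)
  end
end

# What Struct provides without any code written in Permission itself.
def struct_facts
  {
    members: Permission.members,                        # class method inherited from Struct
    from_struct: Permission.ancestors.include?(Struct),
    default_user: Permission.new.user,                  # Struct's initialize fills missing members with nil
    value_equality: Permission.new(nil) == Permission.new
  }
end

# Constructed sample users: plain hashes standing in for a User model.
GUEST  = Permission.new(nil)
MEMBER = Permission.new({ admin: false })
ADMIN  = Permission.new({ admin: true })

if __FILE__ == $PROGRAM_NAME
  p struct_facts
  [GUEST, MEMBER, ADMIN].each do |permission|
    p [permission.user, permission.allow?("topics", "create"), permission.allow?("topics", "destroy")]
  end
end
```

Because the method falls through to false, a controller or action that nobody listed is refused rather than silently allowed.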
Since the main check is in the application controller the permission logic feels like a controller to me, why not permissions_controller.rb in the controllers directory? - it just doesn't feel like a model to me. Is it just me?
It would be nice to have a part 3 or something which explains how this thought process carries over to CanCan, since you are the one who wrote it in the first place :)
Tempting for me to point out the allowy gem.
The implementation is very similar to what has been shown in this screencast.
Very lightweight, inspired by CanCan.
Even though it doesn't have much activity it is being used in production heavily (so sometimes project can be "finished" :) )
ProTip: Don't use "if not," use "unless."
So the authorize method would go from:
To the more readable:
Thanks for the reminder. I've been using "if not" exclusively. I'll try to break this old habit.
What is the best way to test using Test Unit?
Should I test it in my functional test or create a unit test?
Great episode.
I'm new to rails and so happy I subscribed.