#11 ✓hold
Steffen Bartsch

Refactor Engine and Reader to simplify adding further reader backends

Reported by Steffen Bartsch | March 9th, 2009 @ 07:08 PM

From Ryan:

I am at the stage now where I want to go ahead and try to move the authorization rules from the dsl file to the database. This would allow the roles and permissions to be dynamically created and maintained.

Currently proposed approach: Engine delegates for all authorization rules data to a Reader object. That Reader may read from a DSL file (as the current DSLReader does) or from database.

Proposed API for a AbstractReader

class AbstractReader
  def authorization_rules
    # Array of AuthorizationRule objects

  def privilege_hierarchy
      :priv => [
        [:lower_priv, context_or_nil],
      :other_priv => []

  def role_hierarchy
      :higher_role => [:lower_role, :other_lower_role] #,...

  def role_titles
      :a_role => "Long Role Name"

  def role_descriptions
      :a_role => "Role description..."

If that's fine for your implementation of a DBReader, I would create such a patch.

Comments and changes to this ticket

  • Ryan Richards

    Ryan Richards March 10th, 2009 @ 03:51 PM

    will be working on this as i can over the next few days.

  • Steffen Bartsch

    Steffen Bartsch March 10th, 2009 @ 03:59 PM

    • State changed from “new” to “open”
  • Steffen Bartsch

    Steffen Bartsch March 11th, 2009 @ 07:45 PM

    Here is a patch for a better defined Reader API. I only added the method #roles to the list above.

    To use it, please refer to the Rails contributor guide: http://rails.lighthouseapp.com/p...

  • Steffen Bartsch
  • Ryan Richards

    Ryan Richards March 12th, 2009 @ 05:33 AM

    Thanks steffen, got the patch and applied with no issues.

  • Ryan Richards

    Ryan Richards March 12th, 2009 @ 04:27 PM

    for the benefit of history tracking (since much of this was discussed via email) earlier ...

    The original motivation for my use of this plugin was the capability to define hierarchies. The DSL made a great deal of sense to us as well which was also a factor. We have been using the plugin with great success but have deferred implementing hierarchies at this time and have instead placed higher emphasis on having the capability to dynamically create roles and permissions. Thus the need for the database.

    A few things i have considered aside from what has already been discussed thus far:

    1. Need database table(s) to model the relationships as represented in the dsl file.

    2. A strategy to seed the database via 'admin console' or by first creating a file-based DSL configuration as we do currently and populating the tables from this configuration (for initial seeding only). Maintaining the roles/permissions would then be dynamic via 'admin console' which would I assume be largely left to the end-user/developer to implement. Finally, the admin console could be used to create the configuration with no seeding necessary (only 'guest' seeded from using a generator)

    I need to do further review on the inner-workings of the plugin as I have not used it in its full capacity yet.

    Please let me know if this makes sense or of any questions/concerns.

  • Steffen Bartsch

    Steffen Bartsch March 13th, 2009 @ 01:14 PM

    On number 2:

    I think it would be nice to include such an admin console with the plugin, if it is sufficiently general.

    We already have the authorization browser for Rails 2.3 in the plugin. That could be a starting point for an admin console.

    It could be interesting to combine the editing of rules with the already present graphical visualization, if that is of use to you.

  • Ryan Richards

    Ryan Richards March 13th, 2009 @ 06:11 PM


    That is a very interesting idea. I do like that graphical browser. I run it on my linux box here but havent tried setting it up on my mac yet.

  • Steffen Bartsch

    Steffen Bartsch March 24th, 2009 @ 08:49 PM

    • State changed from “open” to “hold”

    Maybe we can make use of this patch later on.

  • Yo

    Yo July 14th, 2009 @ 10:03 PM

    Wondering if there was any thought to writing over the DSL file. Swapping DSL files might be at least a temp solution.

  • Steffen Bartsch

    Steffen Bartsch July 15th, 2009 @ 10:54 AM

    I'm not sure that I get your point, Yo. Can you explain what you are trying to achieve? The initial goal here was to provide more dynamic and changeable rule sets.

  • Gerardo

    Gerardo September 11th, 2010 @ 10:49 PM

    • Milestone order changed from “0” to “0”


    How about applying this patch to the master repository with some configuration options?
    It would be great to have at least the ability to attach new readers without touching the gem code.


  • Steffen Bartsch

    Steffen Bartsch September 12th, 2010 @ 08:18 AM

    The patch is outdated by now. Are you planning of contributing another rules backend? Then, I am happy to invest the effort of bringing the patch up-to-date and apply it to the master branch.

  • Gerardo

    Gerardo September 12th, 2010 @ 05:58 PM

    I need to implement roles in a database for a personal project, if I do a good job, we can incorporate the code to the gem, i would be glad to help.

  • Steffen Bartsch

    Steffen Bartsch September 28th, 2010 @ 08:39 AM

    I would recommend to you to set up a decl_auth branch on github and apply the patch there to have a basis for your extension. I have currently only limited time to work on new features in decl_auth.

    As a side note: this is the old issue tracker for decl_auth. There already is a related issue in the github issue tracker: http://github.com/stffn/declarative_authorization/issues#issue/13

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

By now, decl_auth is using the GitHub issue tracker as well. Please use the one over there: http://github.com/stffn/declarative_authorization/issues