Question

We have a CakePHP application that uses ACL and Roles to handle user authorization. Right now the entire admin panel is built using ExtJS3, so they're all single page views. Anytime a view is loaded we use ACL to see if the user is authorized to access that part of the application.

We're looking to move our app to Rails and use ExtJS4 with the new MVC/Single page structure. We're curious how we would go about authorizing users' actions. Right now they're very granular. A user's authorization can be locked down by actions, so they might be able to access index and read, or index, read, update, but not destroy, etc.

If the page just loads once, and ExtJS takes care of loading all of the subviews of the app, what's the best way to authorize a user by role?

Any ideas?

Edit: I forgot to add that we need the ability to add/remove roles or abilities from the admin area. Something like cancan would be great, but I haven't seen a way to make it dynamic to where a user can add/edit abilities.

Thanks!


Solution

A good library for me so far is cancan. It has the ability to be fairly granular and customizable from what I've seen, yet centralized in defining abilities, for example. Hope this helps!

EDIT: It's available in RubyGems as well; gem install cancan should do the trick.
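An added example, not part of the original post and not CanCan's API: a plain-Ruby illustration of the requirement in the question, with per-action grants stored as data that an admin can add or remove at runtime and a deny-by-default check run on the server for every request from the single-page client. `PermissionStore`, `authorize!`, `visible_actions` and the sample roles are hypothetical names; in a Rails app the grants would be database rows.

```ruby
require "set"

# Hypothetical in-memory stand-in for a permissions table that admins edit
# at runtime (in Rails these would be database rows, not a Hash).
class PermissionStore
  def initialize
    @grants = Hash.new { |h, role| h[role] = Set.new }
  end

  def grant(role, resource, action)
    @grants[role.to_s] << [resource.to_s, action.to_s]
  end

  def revoke(role, resource, action)
    @grants[role.to_s].delete([resource.to_s, action.to_s])
  end

  # Deny by default: only an explicit grant for one of the user's roles passes.
  def allowed?(roles, resource, action)
    key = [resource.to_s, action.to_s]
    Array(roles).any? { |r| @grants.key?(r.to_s) && @grants[r.to_s].include?(key) }
  end
end

class AccessDenied < StandardError; end

# Server-side gate, called for every Ajax request the single-page client makes.
def authorize!(store, user, resource, action)
  return true if store.allowed?(user[:roles], resource, action)
  raise AccessDenied, "#{user[:name]} may not #{action} #{resource}"
end

# List the client can use to hide buttons; cosmetic only, the server still checks.
def visible_actions(store, user, resource, actions = %w[index read update destroy])
  actions.select { |a| store.allowed?(user[:roles], resource, a) }
end

# Constructed sample data.
STORE = PermissionStore.new
%w[index read update].each { |a| STORE.grant("editor", "articles", a) }
%w[index read].each { |a| STORE.grant("viewer", "articles", a) }
EDITOR = { name: "alice", roles: ["editor"] }
VIEWER = { name: "bob", roles: ["viewer"] }
```

Because the check reads the store on each call, a grant revoked in the admin area takes effect on the user's next request without reloading the page.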

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow