Thanks, Sean:
It looks like this works. I'll push the rest of the extension into
our public SVN when I get it ironed out.
def activate
admin.tabs.add "Rbac Base", "/admin/rbac", :after =>
"Layouts", :visibility => [:admin]
User.send :has_and_belongs_to_many, :roles
User.send :include, RbacSupport
end
module RbacSupport
all_roles = Role.find(:all)
all_roles.each do | possible_role |
define_method("#{possible_role.role_name.underscore}?") do
if @my_roles == nil
@my_roles = Hash.new
roles.each do | role |
@my_roles["#{role.role_name.underscore}"] = true
end
end
@my_roles["#{possible_role.role_name.underscore}"] || admin?
end
end
end
On Aug 21, 2007, at 9:51 AM, Sean Cribbs wrote:
> Paul,
>
> It should be easy to add a new role(s) for this if you have only
> role-specific permissions and nothing more granular than that. Just
> create an extension that modifies the User model (in the database
> and in
> the code), providing methods in the manner of "finance?" or
> "public_relations?" that test whether a given user has that role.
> Then
> your other interfaces/extensions can add restrictions on those tabs
> easily.
>
> Sean
>
> Paul Hoehne wrote:
>> A question of philosophy
>>
>> Currently, we're looking at extending radiant for a client whose
>> primary need is content. However, they also need some other tools
>> specific to not-for-profits. Ideally it would be great to deliver
>> everything in one interface. (Content management and applications).
>> The applications would live inside the admin interface for radiant,
>> utilizing Radiant's login and user-management system. Where we've
>> started is with an extension to manage roles and users assigned to
>> those roles. What we're trying to extend now is the process of
>> displaying tabs for users. For example, only people in the "finance"
>> role should see the tab in the admin interface for finance related
>> reports, receipts from web donations, etc.
>>
>> For example, the following code from admin_ui.rb appears to be
>> responsible for making the decision to display tabs for users. It
>> would be nice to extend the user to read all the available roles in
>> our roles table to provide "#{role}?" methods for the available
>> roles.
>>
>> def shown_for?(user)
>> visibility.include?(:all) or visibility.any? { |role| user.send
>> ("#{role}?") }
>> end
>>
>> As we look through the code it might not be possible to do everything
>> we would like from extensions. Would there be interest in the
>> community in re-visiting the user roles to provide for a more
>> flexible roles system?
>>
>> Paul
>>
>>
>>
>> _______________________________________________
>> Radiant mailing list
>> Post: [email protected]
>> Search: http://radiantcms.org/mailing-list/search/
>> Site: http://lists.radiantcms.org/mailman/listinfo/radiant
>>
>>
>
> _______________________________________________
> Radiant mailing list
> Post: [email protected]
> Search: http://radiantcms.org/mailing-list/search/
> Site: http://lists.radiantcms.org/mailman/listinfo/radiant
_______________________________________________
Radiant mailing list
Post: [email protected]
Search: http://radiantcms.org/mailing-list/search/
Site: http://lists.radiantcms.org/mailman/listinfo/radiant
