I'm in the process of implementing an authorisation system. I don't think
the system is that complex but the underlying technology we're running on
is not your typical Rails site. Essentially our setup is:

Various APIs
|
NodeJS Server
|
Client Computers

Various APIs do the work and on database updates, send the update to the
Node Server. The Node server broadcasts the changes to the clients and the
clients are your typical web browsers on the website getting realtime
updates of what's happening in the APIs. Requests to change information go
via the Node server as well.
I have authentication working well. However, I need to implement
*authorisation* at some layer in this stack, either at the NodeJS level
or at each individual API. The auth will also be attached to a user which
is available from the Users API.
I've got a few ideas of how to go about this, but wondered if anybody
had implemented something similar? My guess is to implement at the Node
level and before any requests which require auth, query against the Users
API asking them if the action is allowed. However, it might be easier to
implement at a per-API level via a shared gem etc.
Samuel Richardson
www.richardson.co.nz | 0405 472 748
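
Added example, not part of the original message: a sketch of the Node-level option described above, where each change request is checked against the Users API before it is forwarded. `createAuthorizer`, `askUsersApi` and the action and resource names are hypothetical, and the sketch goes one step beyond the message by also filtering outbound broadcasts per client.

```javascript
// Deny-by-default authorisation gate for the Node layer (added example).
// `askUsersApi(userId, action, resource)` is a hypothetical stand-in for the
// HTTP call to the Users API; it must resolve to true or false.
function createAuthorizer(askUsersApi, { ttlMs = 5000, timeoutMs = 1000, now = Date.now } = {}) {
  const cache = new Map(); // decision key -> { allowed, expires }

  async function isAllowed(userId, action, resource) {
    if (!userId) return false; // unauthenticated: deny without asking
    const key = JSON.stringify([userId, action, resource]);
    const hit = cache.get(key);
    if (hit && hit.expires > now()) return hit.allowed;
    let allowed = false;
    let timer;
    try {
      const timeout = new Promise((_, reject) => {
        timer = setTimeout(() => reject(new Error('Users API timeout')), timeoutMs);
      });
      // Only an explicit `true` grants access; anything else is a denial.
      const answer = await Promise.race([askUsersApi(userId, action, resource), timeout]);
      allowed = answer === true;
      cache.set(key, { allowed, expires: now() + ttlMs });
    } catch (err) {
      allowed = false; // fail closed on error or timeout, and do not cache it
    } finally {
      clearTimeout(timer);
    }
    return allowed;
  }

  // Inbound: a client asks the Node server to change something.
  async function handleChange(userId, change, forward) {
    if (!(await isAllowed(userId, 'update', change.resource))) {
      return { status: 403 };
    }
    return { status: 200, body: await forward(change) };
  }

  // Outbound: an API pushed an update; keep only clients allowed to read it.
  async function recipients(update, clients) {
    const checks = await Promise.all(
      clients.map((c) => isAllowed(c.userId, 'read', update.resource)));
    return clients.filter((_, i) => checks[i]);
  }

  return { isAllowed, handleChange, recipients };
}
```

The cache TTL bounds how long a revoked permission stays effective, and enforcing only at the Node layer assumes the APIs are not reachable by clients directly.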