Quantcast

Authentication & Authorization

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Authentication & Authorization

aldrin
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

as some of you might have read, the topic authentication and
authorization came up again on Github recently [1]. There has been
some short comments on this on this list in last June [2].

So what is it about? The de facto standards for the two concepts in
Rails are Devise [3,4] and CanCan [5,6]. The question is, if we want
to replace authn/z in Foodsoft by the two modules.

What would we gain? From my point of view all the advantages of code
reuse, which among others include:
* profit from the open source community
* contribute to the community
* increase security
* less long-term maintenance

The main drawback I can see is the probably high short-term
implementation effort without any user-visible changes.

Nevertheless I would vote for the change because of the mentioned
benefits.

Let us try to find a decision which everyone can support. Please share
your opinion on the list and maybe even repeat what you've written before.

Robert.


[1] https://github.com/foodcoops/foodsoft/issues/237#issuecomment-31520979
[2]
http://foodsoft.51229.x6.nabble.com/advice-on-how-to-add-public-signup-form-tp64p65.html
[3] https://github.com/plataformatec/devise
[4] https://www.ruby-toolbox.com/categories/rails_authentication
[5] https://github.com/ryanb/cancan
[6] https://www.ruby-toolbox.com/categories/rails_authorization
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSyADqAAoJEMoxTYG15wCZ1bcH/31MufI0W9Z/xxyb7Sj1+3NN
YtkNsxRrdM5bQ6GwmcctX9bx84Z6wlgffja52724JzDfAYWQFlhRII8tCR9FUuKi
5Tdl1n6Y8HjJBSCsykK8H3kVAdLIc1xtkUAr8IXbviJS6HiBvS87qLptNGlB+D80
ipoei5PyCpO+RL+MxErr3RpZFA/Q1buW5UJu/EtgGHNz6w5gA+9Lr9yMJUQnDU1H
2qyNLejUCjzrOQpFPkq41/dkY4kFtOACKOJ4JvNYag6UKecau1UPc/bpG8u94R1Q
ew5R6HYBKZ+R6RWELa/cxdvWnRsEiE69P5IkdJC+v1l1tr+g8bhJAJfM2Fbxe5A=
=zgdO
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Authentication & Authorization

wvengen
Administrator
Hi Robert,

Thanks for bringing this up again. I would love to see this happen.
Additional pros are (probably) less and cleaner code in foodsoft, easier
for new developers because of familiarity, and some features I'd like to
see are then much easier - like email confirmation and single sign-on.

It would indeed require some investment, but I think it is worth it in
the long run.
My current priority is on usability, but I'd be willing to contribute to
this on the side.

I'm curious to hear what others think.

- Willem

On 04-01-14 13:39, aldrin [via foodsoft] wrote:

> Hi,
>
> as some of you might have read, the topic authentication and
> authorization came up again on Github recently [1]. There has been
> some short comments on this on this list in last June [2].
>
> So what is it about? The de facto standards for the two concepts in
> Rails are Devise [3,4] and CanCan [5,6]. The question is, if we want
> to replace authn/z in Foodsoft by the two modules.
>
> What would we gain? From my point of view all the advantages of code
> reuse, which among others include:
> * profit from the open source community
> * contribute to the community
> * increase security
> * less long-term maintenance
>
> The main drawback I can see is the probably high short-term
> implementation effort without any user-visible changes.
>
> Nevertheless I would vote for the change because of the mentioned
> benefits.
>
> Let us try to find a decision which everyone can support. Please share
> your opinion on the list and maybe even repeat what you've written before.
>
> Robert.
>
>
> [1] https://github.com/foodcoops/foodsoft/issues/237#issuecomment-31520979
> [2]
> http://foodsoft.51229.x6.nabble.com/advice-on-how-to-add-public-signup-form-tp64p65.html
> [3] https://github.com/plataformatec/devise
> [4] https://www.ruby-toolbox.com/categories/rails_authentication
> [5] https://github.com/ryanb/cancan
> [6] https://www.ruby-toolbox.com/categories/rails_authorization

Loading...