[Nitro] Nitro RBAC + goodies

Arne Brasseur arne at arnebrasseur.net
Wed Nov 28 03:05:16 EST 2007

Dear fans and friends of Nitro,

Over the past few days I've coded up a reusable part for your (and my) 
Nitro applications. It started out as simply user authentication and 
access control, but now also includes a crude CSS builder and a brand 
new AssetController. It has role based access control and uses a salted 
hash for the password.

What does all of this mean?

There are three Og models: UserACL::User, Permission and Role. A 
permission is defined by a string which is either

    '*' => allow everything
    'ControllerName' => allow access to all actions of this controller
    'ControllerName/action' => allow access to this action (all formats)
    'ControllerName/action.format' => allow access to this action for the specific format

Roles have permissions and users have roles. To add checks to your 
controllers you simply do

    class SomeController < Nitro::Controller # necessary to have :authorize
      authorize :delete, :create, :update
    end

If the current user isn't authorized he gets redirected to the referrer 
or home, and an error message is added to the flash.

To set up initial permissions you can use UserACL.init, e.g.

    UserACL.init do
      role 'admin', 'Administrators have full access' do
        user 'admin', 'Mister Admin', 'padmin'
        grant '*'
      end
    end if UserACL::User.all.empty?

The <LoginBox /> element will render a box where one can log in, and a 
link to the sign-up page.

The provided <Page></Page> element works together with the asset 
controller. These allow elements within the page to define class methods 
render_css and render_js. The result will be served as if it's a 
separate css/js file by the AssetController, and the <Page> will make 
sure the right <link ...> tag is added to your HTML.

And to top it off you can use the CSSBuilder (which does lack maturity) 
to do something like

    css {
      p {
        a {
          font_family :serif
        }
      }
      klass(:emphasis) {
        font_weight :bold
      }

      id(:useracl_loginbox) {
        font_family "sans-serif"

        div {
          margin "3px"
        }
      }
    }

The main advantage is that you can nest blocks.

Oh and be sure to check out the <FlashBox /> element!

To get the goods a simple

  svn co http://code.arnebrasseur.net/useracl

should suffice.

Have fun,

Arne Brasseur
arne at arnebrasseur.net
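
How the four permission forms described in the post could be matched against a request, as an added Ruby example that is not taken from useracl. The PermissionCheck module, its method names and the ROLES table are assumptions made for illustration; useracl's own matching may differ.

```ruby
# Added illustration, not useracl code. PermissionCheck and its methods are
# hypothetical names; ROLES is constructed sample data.
module PermissionCheck
  # Every permission string that would authorise this request, most general
  # first. A format-specific string is only a candidate when the request
  # actually names a format.
  def self.candidates(controller, action, format = nil)
    list = ['*', controller, "#{controller}/#{action}"]
    list << "#{controller}/#{action}.#{format}" if format
    list
  end

  # Returns the granted permission string that authorises the request, or nil.
  # Comparison is whole-string equality, so 'PostController' never matches
  # 'PostControllerAdmin', and unknown roles contribute nothing (default deny).
  def self.granting_permission(roles, user_roles, controller, action, format = nil)
    granted = user_roles.flat_map { |name| roles.fetch(name, []) }
    candidates(controller, action, format).find { |perm| granted.include?(perm) }
  end

  def self.allowed?(roles, user_roles, controller, action, format = nil)
    !granting_permission(roles, user_roles, controller, action, format).nil?
  end
end

# Constructed sample data: role name => permission strings granted to it.
ROLES = {
  'admin'  => ['*'],
  'editor' => ['PostController', 'CommentController/delete'],
  'feed'   => ['PostController/index.rss']
}.freeze

if __FILE__ == $PROGRAM_NAME
  [
    [['admin'],  'UserController',      'delete', 'html'],
    [['editor'], 'PostController',      'update', 'html'],
    [['editor'], 'CommentController',   'create', 'html'],
    [['editor'], 'PostControllerAdmin', 'index',  'html'],
    [['feed'],   'PostController',      'index',  'rss'],
    [['feed'],   'PostController',      'index',  'html']
  ].each do |user_roles, controller, action, format|
    perm = PermissionCheck.granting_permission(ROLES, user_roles, controller, action, format)
    verdict = perm ? "allowed by '#{perm}'" : 'denied'
    puts "#{user_roles.join(',')} -> #{controller}/#{action}.#{format}: #{verdict}"
  end
end
```

Returning the matching permission string rather than a bare boolean lets an access log record which grant authorised each request.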
