Reputation: 787
I did my own auth like on my old PHP site. I use sessions for that and an MD5 hash for the password. My session after auth looks like this:
{"session_id"=>"874e2703dbaa562da8350fe141612cb6", "_csrf_token"=>"o3g5VHz7f6BPCwpaphI/7qnBnaDVBcguKVB4lXqvUss=", "user_id"=>2, "login"=>"123", "avatar"=>"/uploads/resume/avatar/2/avatars/noava.jpg", "group_id"=>1}
All other things are done, but now how can I restrict access to different actions in my controller depending on my session?
Or can I fix this with the devise and cancan gems? They use bcrypt, but my old passwords are in MD5 and I can't use bcrypt for them.
Upvotes: 1
Views: 285
Reputation: 25029
You're confusing the ideas of authentication and authorization.
You've built your own authentication - you know who people are. Devise is an example of a gem that handles authentication.
Authorization controls what people can do, and is completely independent of authentication. Cancan is an example of a gem that handles authorization.
Use Cancan, or anything here.
Upvotes: 1
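To make the authentication/authorization split concrete, here is an added example (not code from the question or the answer, and not CanCan's API) of a deny-by-default check keyed on the `group_id` and `user_id` session fields shown in the question. The group meanings, the action names and `login_path` are assumptions made for illustration.

```ruby
# Added example: deny-by-default authorization keyed on session["group_id"].
# The group meanings and action names below are assumptions, not from the post.
require "set"

class AccessPolicy
  # group_id => set of "controller#action" strings that group may call.
  # Assumed mapping: 1 = regular user, 2 = moderator, 3 = admin.
  RULES = {
    1 => Set["posts#index", "posts#show", "profile#edit"],
    2 => Set["posts#index", "posts#show", "profile#edit", "posts#destroy"],
    3 => :all
  }.freeze

  # Returns :ok, :unauthenticated (no user in session) or :forbidden.
  def self.check(session, controller, action)
    return :unauthenticated unless session.is_a?(Hash) && session["user_id"]

    allowed = RULES[session["group_id"]] # unknown or missing group => nil
    return :forbidden if allowed.nil?
    return :ok if allowed == :all

    allowed.include?("#{controller}##{action}") ? :ok : :forbidden
  end
end

# In a Rails app this would run before every action, for example:
#
#   class ApplicationController < ActionController::Base
#     before_action :authorize!
#
#     def authorize!
#       case AccessPolicy.check(session.to_hash, controller_name, action_name)
#       when :unauthenticated then redirect_to login_path # login_path is hypothetical
#       when :forbidden       then head :forbidden
#       end
#     end
#   end

# Constructed sample session, shaped like the one in the question.
SAMPLE_SESSION = { "user_id" => 2, "login" => "123", "group_id" => 1 }.freeze

if __FILE__ == $PROGRAM_NAME
  p AccessPolicy.check(SAMPLE_SESSION, "posts", "show")
  p AccessPolicy.check(SAMPLE_SESSION, "posts", "destroy")
  p AccessPolicy.check({}, "posts", "show")
end
```

Because the rule table is an allow-list, a new action or an unrecognized `group_id` is refused until someone adds it explicitly.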