This plugin/engine provides:
-
Authentication through RubyCAS-server
-
Very simple authorization by role
-
Management of shared lab groups and users in a centralized database, SLIMcore
A less complex alternative to SLIMcore Authorizer is the SLIMsolo Authorizer (github.com/systemsbiology/slimsolo_authorizer), which handles authentication and user and lab group storage within the parent application itself, but does not have the single sign-on and shared users/lab groups between applications.
Note: This was built for Rails 2.3.2 apps, so other versions may require some tinkering.
Install Rails Engines, by running this in your app root:
script/plugin install git://github.com/lazyatom/engines.git
Then add this to your config/environment.rb as directed by the Engines instructions:
require File.join(File.dirname(__FILE__), '../vendor/plugins/engines/boot')
Install SLIMcore Authorizer:
script/plugin install git://github.com/systemsbiology/slimcore_authorizer.git script/generate slimcore_authorizer . rake db:migrate
Then add this to your app/controllers/application_controller.rb:
include AuthenticatedSystem include Authorization
Edit config/application.yml so that it correctly specifies the addresses of your RubyCAS-server.
Add the SLIMcore database configuration to your config/database.yml. Here’s and example with SQLite 3:
slimcore_production: adapter: sqlite3 database: db/slimcore_production.sqlite3 slimcore_development: adapter: sqlite3 database: db/slimcore_development.sqlite3 slimcore_test: adapter: sqlite3 database: db/slimcore_test.sqlite3
Edit your application layout (typically app/views/layout/application.html.erb) to include the following in the <head></head> section:
<%= stylesheet_link_tag 'tinytable.css' %> <%= javascript_include_tag 'tinytable-packed' %>
Run:
script/server
And you should be able to navigate to localhost:3000/users and localhost:3000/lab_groups to manage users and lab groups that are stored in SLIMcore.
Authenticate on your own controllers by adding:
before_filter :login_required
Check authorization in controllers using:
before_filter :staff_or_admin_required # staff or admin access
or
before_filter :admin_required # admin-only
Link to the user and lab group management interfaces from your app like:
<%= link_to 'Users', users_path %> <%= link_to 'Lab Groups', lab_groups_path %>
Add the following link wherever it would be appropriate to have a link to log out:
<%= link_to "logout", :controller => 'sessions', :action => 'destroy' %>
In order to allow application-specific user and lab group data, SLIMsolo Authorizer adds two models to your application, UserProfile and LabGroupProfile. Each UserProfile and LabGroupProfile references a User or LabGroup, respectively.
Copyright © 2009 Institute for Systems Biology