-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
as some of you might have read, the topic authentication and
authorization came up again on Github recently [1]. There has been
some short comments on this on this list in last June [2].
So what is it about? The de facto standards for the two concepts in
Rails are Devise [3,4] and CanCan [5,6]. The question is, if we want
to replace authn/z in Foodsoft by the two modules.
What would we gain? From my point of view all the advantages of code
reuse, which among others include:
* profit from the open source community
* contribute to the community
* increase security
* less long-term maintenance
The main drawback I can see is the probably high short-term
implementation effort without any user-visible changes.
Nevertheless I would vote for the change because of the mentioned
benefits.
Let us try to find a decision which everyone can support. Please share
your opinion on the list and maybe even repeat what you've written before.
Robert.
[1]
https://github.com/foodcoops/foodsoft/issues/237#issuecomment-31520979[2]
http://foodsoft.51229.x6.nabble.com/advice-on-how-to-add-public-signup-form-tp64p65.html[3]
https://github.com/plataformatec/devise[4]
https://www.ruby-toolbox.com/categories/rails_authentication[5]
https://github.com/ryanb/cancan[6]
https://www.ruby-toolbox.com/categories/rails_authorization-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird -
http://www.enigmail.net/iQEcBAEBAgAGBQJSyADqAAoJEMoxTYG15wCZ1bcH/31MufI0W9Z/xxyb7Sj1+3NN
YtkNsxRrdM5bQ6GwmcctX9bx84Z6wlgffja52724JzDfAYWQFlhRII8tCR9FUuKi
5Tdl1n6Y8HjJBSCsykK8H3kVAdLIc1xtkUAr8IXbviJS6HiBvS87qLptNGlB+D80
ipoei5PyCpO+RL+MxErr3RpZFA/Q1buW5UJu/EtgGHNz6w5gA+9Lr9yMJUQnDU1H
2qyNLejUCjzrOQpFPkq41/dkY4kFtOACKOJ4JvNYag6UKecau1UPc/bpG8u94R1Q
ew5R6HYBKZ+R6RWELa/cxdvWnRsEiE69P5IkdJC+v1l1tr+g8bhJAJfM2Fbxe5A=
=zgdO
-----END PGP SIGNATURE-----
Locked
