What would be the recommend way to integrate Authority with an key authenticated and authorized API?

nathanl / authority

*CURRENTLY UNMAINTAINED*. Authority helps you authorize actions in your Rails app. It's ORM-neutral and has very little fancy syntax; just group your models under one or more Authorizer classes and write plain Ruby methods on them.

MIT License

1.21k stars 67 forks source link

What would be the recommend way to integrate Authority with an key authenticated and authorized API? #77

Closed NikoRoberts closed 10 years ago

NikoRoberts commented 10 years ago

I have been using Authority to authorize all of my Users but now I am looking to implement a system where we have more than 1 model that has access.

e.g. Users + ApiKeys have access to different things

NikoRoberts commented 10 years ago

Would you suggest that I override the config.user_method to get the ApiKey model if the request is through the API?

I am thinking along these lines https://github.com/nathanl/authority/issues/17

nathanl commented 10 years ago

Sorry to be so slow responding. I'm not totally sure I understand your use case, but it sounds like the "user" could either be a User model (in the normal app) or an "ApiUser" (or something) if they come in via the API?

This should work just fine, as long as you configure Authority with a single user_method that will always return the appropriate type of user object, and as long as the new kind of user objects support the methods you're calling on User in your current authorizers.