This is not the first time I met Lockdown.  I wanted to use it earlier.  According to the docs, it was awesome.  Real RBAC with no hassle.  However, when I tried to actually use it, it locked my app down.  Completely.  In the end I gave up, and started over with Clearance.  It was good and it worked as intended, but it’s still an authentication layer, with no roles / groups / whatever defined.  I tried Acl9 out too, which did it’s job, but role definitions were scattered throughout the controllers.  Then I fed up with Clearance too, it made too much noise in my application.  I ended up having Authlogic with some sort of Acl9, but it just not felt right.

However, a couple of weeks ago, I noticed that Lockdown reached 1.0.  Moreover, now it has Authlogic support, and even model-level permissions!  Yikes!  Of course fighting lockdown not to lock down everything was not easy, especially in the tests.  I think it is worth to have my experiences documented. Continue reading →