Fingertips / authorization-san

Description:	A plugin for authorization in a ReSTful application edit
Homepage:	http://fingertips.github.com edit
Public Clone URL:	git://github.com/Fingertips/authorization-san.git Give this clone URL to anyone. `git clone git://github.com/Fingertips/authorization-san.git`
Your Clone URL:	git@github.com:Fingertips/authorization-san.git Use this clone URL yourself. `git clone git@github.com:Fingertips/authorization-san.git`

Fix a mistake in the scope example.

Manfred (author)

Mon Jun 15 04:53:04 -0700 2009

commit 7c660c631516c1d5bcae4f020d4084ae6170d870
tree cd0dd8690ff52d77530ab289a58d9a04eb3013aa
parent 6309abccb7654c370c16252083384db1905857ef

authorization-san /

name	age	history message
.gitignore	Mon Mar 09 02:30:18 -0700 2009	Move init.rb to the rails directory so Rails wi... [Manfred]
LICENSE	Mon Mar 09 02:08:08 -0700 2009	Rebrand README and update LICENSE. git-svn-id:... [manfred]
README.rdoc	Sat Apr 18 05:04:01 -0700 2009	Update the README because it ended in a half se... [Manfred]
Rakefile	Mon Mar 09 13:32:33 -0700 2009	Added JewelryPortfolio and rescue LoadError [alloy]
VERSION.yml	Sat Apr 18 04:56:41 -0700 2009	Version bump to 1.0.1 [Manfred]
authorization-san.gemspec	Sat Apr 18 04:57:45 -0700 2009	Update gemspec in an effort to get GitHub to bu... [Manfred]
examples/	Mon Jun 15 04:53:04 -0700 2009	Fix a mistake in the scope example. [Manfred]
lib/	Fri Jun 12 22:46:15 -0700 2009	Remove some stray whitespace. [Manfred]
rails/	Mon Mar 09 02:30:18 -0700 2009	Move init.rb to the rails directory so Rails wi... [Manfred]
test/	Fri Jun 12 22:40:31 -0700 2009	Change the debug message about which Rails we'r... [Manfred]

README.rdoc

Authorization-San

Authorization-san allows you to specify access policies in your controllers. The plugin assumes a number of things about the application.

If a user has authenticated with the application, it’s stored in @authenticated. The method of authentication doesn’t matter. It also doesn’t matter what you put in @authenticated, as long as it’s truthy.
@authenticated has either a role attribute or a number of methods to query for the role: admin?, editor?, guest?. When the @authenticated object doesn’t have role methods you can’t use role based authentication rules, but the rest still works.

What does it look like?

  class BooksController < ActionController::Base
    # Visitors can see list of books and book pages
    allow_access :all, :only => [:index, :show]
    # An editor can create new books, but…
    allow_access :editor, :only => [:new, :create]
    # …she can only update her own books.
    allow_access(:editor, :only => [:edit, :update]) { @book = @authenticated.books.find(params[:id]) }
    # Admin users can do it all.
    allow_access :admin
  end

The best place to start learning more is the examples directory in the source.