The Easiest Way to Implement Roles for Restful Authentication
Has somebody done this already? If so, please let me know. I couldn’t find
anything as hands-off as I’d like for managing roles with the
restful_authentication plugin. So I made one.
Shameless Plug
If you like what you see, why not recommend me on WorkingWithRails?
What?
restful_roles sits on top of restful_authentication like a small child atop his
father’s shoulders. Proud and triumphant, even though most of the accomplishment
isn’t really his.
Quite simply, restful_roles is the easiest roles management you can possibly have.
It assumes that your roles are sequentially more permissive. So if you have
member, admin, and owner roles, admins can see all the member stuff, and owners
can see everything.
How?
The Migration
Add to the user migration, or create a separate one. The important thing is to
create a string field by the name of “role” in your users table.
class AddRoleToUser < ActiveRecord::Migration
  def self.up
    add_column :users, :role, :string
  end

  def self.down
    # remove_column takes the table and the column name only
    remove_column :users, :role
  end
end
The Model
Add this to the model that is using restful_authentication:
# app/models/user.rb
has_roles ['Member', 'Admin', 'Owner']
Any users you create will be the first role by default – Members in this case.
Roles get more exclusive from left to right.
Controllers
You can add role requirements to any controller that uses login_required.
require_role accepts a role and an optional :only list.
Of course, you have to be a logged-in user to have a role, so if login_required
does not cover an action, no role check will ever happen for that action. It
works by hooking into restful_authentication’s authorized? method.
Catch-all
# app/controllers/widgets_controller.rb
before_filter :login_required
require_role 'Admin'
This requires Admin or greater privileges to use any action in the controller.
Only Some
# app/controllers/widgets_controller.rb
before_filter :login_required
require_role 'Member', :only=>[:index, :show]
require_role 'Admin', :only=>[:new, :create, :edit, :update]
require_role 'Owner'
In this case, you have to be at least a Member to see index/show pages, at
least an Admin to see those plus the creation/updating pages, and only Owners
can do anything else.
Except Some
# app/controllers/widgets_controller.rb
before_filter :login_required
require_role 'Admin', :except=>[:index, :show]
The above example requires Admin or greater privileges for everything except the
harmless (in this case) index and show actions.
CAVEAT: the :except option trumps all else, so there’s no reason (or ability) to
combine it with other require_role calls. Doing so would make the developer’s
intentions unclear anyway, and the whole point of this plugin is simplicity.
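As an added illustration that is not the plugin's own code, the following stand-alone Ruby models the rules above (ordered roles, :only lists, the catch-all, and :except trumping everything) so you can check what a set of declarations grants before wiring it into a controller. RoleRules, role_at_least? and the choice that the strictest applicable rule wins when several :only lists name the same action are assumptions made here, not behaviour the plugin documents.

```ruby
# Added example, not the restful_roles plugin's code: a Rails-free model of the
# role ordering and require_role rules described above.
ROLES = %w[Member Admin Owner].freeze # more exclusive from left to right

# Hypothetical helper: compare two roles by their position in ROLES.
def role_at_least?(user_role, required)
  u, r = ROLES.index(user_role), ROLES.index(required)
  !u.nil? && !r.nil? && u >= r
end

# Hypothetical class mirroring one controller's require_role declarations.
class RoleRules
  def initialize
    @rules = [] # each entry: [role, only_actions_or_nil, except_actions_or_nil]
  end

  def require_role(role, only: nil, except: nil)
    raise ArgumentError, "unknown role #{role}" unless ROLES.include?(role)
    @rules << [role, only&.map(&:to_sym), except&.map(&:to_sym)]
    self
  end

  # Role an action needs, or nil when being logged in is enough.
  # :except trumps everything else (the CAVEAT above); otherwise rules whose
  # :only names the action apply, falling back to the catch-all rule(s).
  # Assumption: when several rules apply, the strictest one wins.
  def required_role_for(action)
    action = action.to_sym
    except_rule = @rules.find { |_, _, ex| ex }
    if except_rule
      role, _, except = except_rule
      return except.include?(action) ? nil : role
    end
    applicable = @rules.select { |_, only, _| only&.include?(action) }
    applicable = @rules.select { |_, only, _| only.nil? } if applicable.empty?
    applicable.map(&:first).max_by { |role| ROLES.index(role) }
  end

  # Mirrors the authorized? hook: a logged-out user has no role, so deny.
  def authorized?(user_role, action)
    return false if user_role.nil?
    required = required_role_for(action)
    required.nil? || role_at_least?(user_role, required)
  end
end
```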