bellmyer / restful_roles
- Source
- Commits
- Network (0)
- Issues (0)
- Downloads (0)
- Wiki (1)
- Graphs
-
Tree:
f875076
An add-on for restful_authentication that enables quick and easy roles.
tree 448c9c8a1c68f1c6e2b72bfe69f022b46538281d
parent 31d48c898dc60fc862feb80c803208b5110fb061
| name | age | message | |
|---|---|---|---|
 |
MIT-LICENSE | Loading commit data...  |
|
| |
README.textile | ||
| |
Rakefile | ||
| |
init.rb | ||
| |
install.rb | ||
 |
lib/ | ||
| |
tasks/ | ||
| |
test/ | ||
| |
uninstall.rb |
The Easiest Way to Implement Roles for Restful Authentication
Has somebody done this already? If so, please let me know. I couldn’t find
anything as hands-off as I’d like for managing roles with the
restful_authentication plugin. So I made one.
Shameless Plug
If you like what you see, why not recommend me on WorkingWithRails?
What?
restful_roles sits on top of restful_authentication like a small child atop his
father’s shoulders. Proud and triumphant, even though most of the accomplishment
isn’t really his.
Quite simply, restful_roles is the easiest roles management you can possibly have.
It assumes that your roles are sequentially more permissive. So if you have
member, admin, and owner roles, admins can see all the member stuff, and owners
can see everything.
How?
The Model
Add this to the model that is using restful_authentication:
# app/models/user.rb has_roles ['Member', 'Admin', 'Owner']
Any users you create will be the first role by default – Members in this case.
Roles get more exclusive from left to right.
Controllers
You can add role requirements to any controllers that use require_login.
require_role accepts a role, and an optional :only list.
Of course, you have to be a logged-in user to have a role, and so if you don’t
require_login for an action, then the role checking will never happen for that
action. It works by hooking into restful_authentication’s authorized? method.
Catch-all
# app/controllers/widgets_controller.rb before_filter :require_login require_role 'Admin'
This requires Admin or greater privileges to use any action in the controller.
Only Some
# app/controllers/widgets_controller.rb before_filter :require_login require_role 'Member', :only=>[:index, :show] require_role 'Admin', :only=>[:new, :create, :edit, :update] require_role 'Owner'
In this case, you have to be at least a Member to see index/show pages, at
least an Admin to see those plus the creation/updating pages, and only Owners
can do anything else.
Except Some
# app/controllers/widgets_controller.rb before_filter :require_login require_role 'Admin', :except=>[:index, :show]
The above example requires Admin or greater privileges for everything except the
harmless (in this case) index and show actions.
CAVEAT: the :except option trumps all else, so there’s no reason (or ability) to
combine it with other require_role calls. Doing so would make the developer’s
intentions unclear anyway, and the whole point of this plugin is simplicity.
