GitHub - mrchucho/easy-access: Easy access control and roles for CRUD operations.

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
generators/easy_access		generators/easy_access
lib		lib
tasks		tasks
test		test
.gitignore		.gitignore
MIT-LICENSE		MIT-LICENSE
README		README
Rakefile		Rakefile
init.rb		init.rb
install.rb		install.rb
uninstall.rb		uninstall.rb

Repository files navigation

Easy Access
===========

Easy access control and roles for CRUD operations.

Easy Access provides a mixin for your User model that adds a simple role-based
access control system for the standard CRUD operations. A default access control
routine is supplied, but it can be overridden on a model-by-model basis allowing
for very fine-grained control.

Every CRUD operation has a corresponding User method and model hook. Implement
the model hooks(e.g. can_be_viewed_by?, can_be_edited_by?, etc.) and/or the
default AccessSystem::has_privilege_for? to customize your specific access
controls.


Installation
============

./script/plugin install http://github.com/mrchucho/easy-access.git

./script/generate easy_access Role


Example
=======

The can_(create|view|update|destroy)? methods can safely be used in any Controller:

    class RestrictedModelController < ApplicationController

        def create
            @model = RestrictedModel.build(params[:model])
            raise PermissionDenied unless current_user.can_create?(@model)
            @model.save!
            redirect_to restricted_model_path(@model)
        end

        def show
            raise PermissionDenied unless current_user.can_view?(@model)
        end

        def update
            @model = RestrictedModel.find(params[:id])
            raise PermissionDenied unless current_user.can_update?(@model)
            @model.save!
            redirect_to restricted_model_path(@model)
        end

        def destroy
            @model = RestrictedModel.find(params[:id])
            raise PermissionDenied unless current_user.can_destroy?(@model)
            @model.destroy
            redirect_to restricted_models_path
        end


By default AccessSystem::has_privilege_for? provides coarse-grained access
controls. To implement fine-grained access control for a specific model:

    class RestrictedModel < ActiveRecord::Base
        # ...
        def can_be_viewed_by?(user)
            user == self.user
        end

        def can_be_updated_by?(user)
            if self.state == :closed
                false
            else
                user == self.user
            end
        end

        def can_be_destroyed_by?(user)
            user.roles.any?{|r| r.name.eql?("Destroyer")}
        end


    class ReadOnlyModel < ActiveRecord::Base
        def can_be_viewed_by?(user); true; end
        def can_be_destroyed_by?(user); false; end
        def can_be_created_by?(user); false; end
        def can_be_updated_by?(user); false; end


Note that you only need to override those hooks for which more specific
controls are required.


Copyright (c) 2008 Ralph M Churchill, released under the MIT license