This repository is private.
All pages are served over SSL and all pushing and pulling is done over SSH.
No one may fork, clone, or view it unless they are added as a member.
Every repository with this icon (
) is private.
Every repository with this icon (
) is private.
This repository is public.
Anyone may fork, clone, or view it.
Every repository with this icon () is public.
Every repository with this icon (
) is public.
| name | age | message | |
|---|---|---|---|
 |
.gitignore | Loading commit data...  |
|
| |
MIT-LICENSE | ||
| |
README | ||
| |
Rakefile | ||
 |
generators/ | ||
| |
init.rb | ||
| |
install.rb | ||
| |
lib/ | ||
| |
tasks/ | ||
| |
test/ | ||
| |
uninstall.rb |
README
Easy Access =========== Easy access control and roles for CRUD operations. Easy Access provides a mixin for your User model that adds a simple role-based access control system for the standard CRUD operations. A default access control routine is supplied, but it can be overridden on a model-by-model basis allowing for very fine-grained control. Every CRUD operation has a corresponding User method and model hook. Implement the model hooks(e.g. can_be_viewed_by?, can_be_edited_by?, etc.) and/or the default AccessSystem::has_privilege_for? to customize your specific access controls. Installation ============ ./script/plugin install http://github.com/mrchucho/easy-access.git ./script/generate easy_access Role Example ======= The can_(create|view|update|destroy)? methods can safely be used in any Controller: class RestrictedModelController < ApplicationController def create @model = RestrictedModel.build(params[:model]) raise PermissionDenied unless current_user.can_create?(@model) @model.save! redirect_to restricted_model_path(@model) end def show raise PermissionDenied unless current_user.can_view?(@model) end def update @model = RestrictedModel.find(params[:id]) raise PermissionDenied unless current_user.can_update?(@model) @model.save! redirect_to restricted_model_path(@model) end def destroy @model = RestrictedModel.find(params[:id]) raise PermissionDenied unless current_user.can_destroy?(@model) @model.destroy redirect_to restricted_models_path end By default AccessSystem::has_privilege_for? provides coarse-grained access controls. To implement fine-grained access control for a specific model: class RestrictedModel < ActiveRecord::Base # ... def can_be_viewed_by?(user) user == self.user end def can_be_updated_by?(user) if self.state == :closed false else user == self.user end end def can_be_destroyed_by?(user) user.roles.any?{|r| r.name.eql?("Destroyer")} end class ReadOnlyModel < ActiveRecord::Base def can_be_viewed_by?(user); true; end def can_be_destroyed_by?(user); false; end def can_be_created_by?(user); false; end def can_be_updated_by?(user); false; end Note that you only need to override those hooks for which more specific controls are required. Copyright (c) 2008 Ralph M Churchill, released under the MIT license
