mrchucho / easy-access

Branches (1)
- master ✓
Tags (0)

Easy access control and roles for CRUD operations. — Read more

http://www.mrchucho.net

This URL has Read+Write access

Added unit tests.

mrchucho (author)

Wed Oct 21 11:58:45 -0700 2009

commit e63982c8c0064e3e7cea670c960e169a6bad8fd3
tree 2c400f8c8cc36d78365fcf58bcdb037ae030b721
parent bb6c7c2c0899601ed1ea6bab6b29a0652d377699

easy-access /

name	age	history message
.gitignore	Mon Nov 17 17:23:55 -0800 2008	Added .gitignore [mrchucho]
MIT-LICENSE	Mon Nov 17 15:16:26 -0800 2008	Initial Release [mrchucho]
README	Tue Nov 18 06:31:35 -0800 2008	Updated the README with more specific information. [mrchucho]
Rakefile	Mon Nov 17 15:16:26 -0800 2008	Initial Release [mrchucho]
generators/	Tue Nov 18 06:35:41 -0800 2008	Don't provide an Exception, that's too applicat... [mrchucho]
init.rb	Mon Nov 17 15:16:26 -0800 2008	Initial Release [mrchucho]
install.rb	Mon Nov 17 15:16:26 -0800 2008	Initial Release [mrchucho]
lib/	Mon Nov 17 15:16:26 -0800 2008	Initial Release [mrchucho]
tasks/	Mon Nov 17 15:16:26 -0800 2008	Initial Release [mrchucho]
test/	Wed Oct 21 11:58:45 -0700 2009	Added unit tests. [mrchucho]
uninstall.rb	Mon Nov 17 15:16:26 -0800 2008	Initial Release [mrchucho]

README

Easy Access
===========

Easy access control and roles for CRUD operations.

Easy Access provides a mixin for your User model that adds a simple role-based
access control system for the standard CRUD operations. A default access control
routine is supplied, but it can be overridden on a model-by-model basis allowing
for very fine-grained control.

Every CRUD operation has a corresponding User method and model hook. Implement
the model hooks(e.g. can_be_viewed_by?, can_be_edited_by?, etc.) and/or the
default AccessSystem::has_privilege_for? to customize your specific access
controls.


Installation
============

./script/plugin install http://github.com/mrchucho/easy-access.git

./script/generate easy_access Role


Example
=======

The can_(create|view|update|destroy)? methods can safely be used in any Controller:

    class RestrictedModelController < ApplicationController

        def create
            @model = RestrictedModel.build(params[:model])
            raise PermissionDenied unless current_user.can_create?(@model)
            @model.save!
            redirect_to restricted_model_path(@model)
        end

        def show
            raise PermissionDenied unless current_user.can_view?(@model)
        end

        def update
            @model = RestrictedModel.find(params[:id])
            raise PermissionDenied unless current_user.can_update?(@model)
            @model.save!
            redirect_to restricted_model_path(@model)
        end

        def destroy
            @model = RestrictedModel.find(params[:id])
            raise PermissionDenied unless current_user.can_destroy?(@model)
            @model.destroy
            redirect_to restricted_models_path
        end


By default AccessSystem::has_privilege_for? provides coarse-grained access
controls. To implement fine-grained access control for a specific model:

    class RestrictedModel < ActiveRecord::Base
        # ...
        def can_be_viewed_by?(user)
            user == self.user
        end

        def can_be_updated_by?(user)
            if self.state == :closed
                false
            else
                user == self.user
            end
        end

        def can_be_destroyed_by?(user)
            user.roles.any?{|r| r.name.eql?("Destroyer")}
        end


    class ReadOnlyModel < ActiveRecord::Base
        def can_be_viewed_by?(user); true; end
        def can_be_destroyed_by?(user); false; end
        def can_be_created_by?(user); false; end
        def can_be_updated_by?(user); false; end


Note that you only need to override those hooks for which more specific
controls are required.


Copyright (c) 2008 Ralph M Churchill, released under the MIT license

mrchucho / easy-access

Pledgie Donations