Zuul
Zuul provides a simple role-based authorization framework for Rails apps.
sudo gem install zuul --source http://gemcutter.org
Quick Start
Zuul expects that you have a current_user method available.
Add a role to your users table.
add_column :users, :role, :string
In your User model, specify the valid roles.
valid_roles :guest, :member, :admin
In your ApplicationController, enable access restrictions.
include Zuul::RestrictAccess
restrict_access
In your controllers, specify which roles are allowed for which actions.
require_user :guest, :admin, :only => [:index, :show]
Examples and Options
You can pass restrict_access some options:
- access_denied_message - The string that will be added to the flash[:notice] if the user has been denied access to an action. Defaults to "You must be logged in to access this page".
- require_no_user_message - The string that will be added to the flash[:notice] if the requested action requires there be NO user signed in and there is one. Defaults to "You must be logged out to access this page".
- unauthorized_redirect_path - The name of a method, as a symbol, that will be called to determine where to redirect someone when they have been denied access. The method is expected to return a string. The default is :unauthorized_path which returns "/".
You can pass require_user a list of roles and also indicate which actions to apply the restriction to using :only and :except. Some examples:
- Restrict access to all actions for a specific role.
require_user :admin
- Restrict access to specific actions for specific roles.
require_user :guest, :admin, :only => [:index, :show]
- Require a user but don’t care about the role.
require_user :only => :show
- Don’t allow access to edit or update if there is a user.
require_no_user :only => [:edit, :update]
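The rules above scope each restriction to the listed actions, so it is worth checking which actions end up covered by no rule at all. The following is an added example, not Zuul's own code: a stand-alone Ruby model of the documented require_user / require_no_user semantics. The names Rule, rule, applies?, permitted? and unguarded_actions are hypothetical, and the model assumes an action that no rule covers is left open.

```ruby
# Added model of the rules described in this README; not Zuul's source code.
# Rule, rule, applies?, permitted? and unguarded_actions are hypothetical names.
Rule = Struct.new(:kind, :roles, :only, :except)

# Mirrors the documented call shape: require_user(*roles, :only/:except => ...)
def rule(kind, *args)
  opts = args.last.is_a?(Hash) ? args.pop : {}
  Rule.new(kind, args, Array(opts[:only]), Array(opts[:except]))
end

# A rule covers an action listed in :only, or, with no :only given,
# every action that is not listed in :except.
def applies?(r, action)
  return r.only.include?(action) unless r.only.empty?
  !r.except.include?(action)
end

# role is nil when nobody is signed in.
# Assumption: an action that no rule covers is allowed for everyone.
def permitted?(rules, action, role)
  rules.select { |r| applies?(r, action) }.all? do |r|
    case r.kind
    when :require_no_user then role.nil?
    when :require_user    then !role.nil? && (r.roles.empty? || r.roles.include?(role))
    end
  end
end

# Audit helper: actions that no rule covers.
def unguarded_actions(rules, actions)
  actions.reject { |a| rules.any? { |r| applies?(r, a) } }
end

# Constructed controller: seven REST actions and one rule from the README.
ACTIONS = [:index, :show, :new, :create, :edit, :update, :destroy]
RULES   = [rule(:require_user, :guest, :admin, :only => [:index, :show])]

if __FILE__ == $0
  p permitted?(RULES, :index, :member)   # role not in the list
  p permitted?(RULES, :destroy, nil)     # action outside :only
  p unguarded_actions(RULES, ACTIONS)
end
```

Under that assumption, a controller that relies only on :only rules should also be checked for actions added later, since they start out uncovered.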
Credits
Thanks to Les Hill for help testing the ApplicationController mixins.
Note on Patches/Pull Requests
- Fork the project.
- Make your feature addition or bug fix.
- Add tests for it. This is important so I don’t break it in a future version unintentionally.
- Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
- Send me a pull request. Bonus points for topic branches.
Copyright
Copyright © 2009 Wes Gibbs. See LICENSE for details.







