A plugin for authorization in a ReSTful Ruby on Rails application
Ruby Shell
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
examples
lib
rails
test
.gitignore
.kick
.travis.yml
LICENSE
README.rdoc
Rakefile
authorization-san.gemspec
install.sh

README.rdoc

Authorization-San

Authorization-san allows you to specify access policies in your controllers. The plugin assumes a number of things about the application.

  • If a user has authenticated with the application, it's stored in @authenticated. The method of authentication doesn't matter. It also doesn't matter what you put in @authenticated, as long as it's truthy.

  • @authenticated has either a role attribute or a number of methods to query for the role: admin?, editor?, guest?. When the @authenticated object doesn't have role methods you can't use role based authentication rules, but the rest still works.

What does it look like?

class BooksController < ActionController::Base
  # Visitors can see list of books and book pages
  allow_access :all, :only => [:index, :show]
  # An editor can create new books, but…
  allow_access :editor, :only => [:new, :create]
  # …she can only update her own books.
  allow_access(:editor, :only => [:edit, :update]) { @book = @authenticated.books.find(params[:id]) }
  # Admin users can do it all.
  allow_access :admin
end

The best place to start learning more is the examples directory in the source.

Will it run?

Authorization-San runs on all Ruby on Rails versions above 2.3 and their supported Ruby versions.

Contributers

In order of appearance:

  • Manfred Stienstra <manfred@fngtps.com>

  • Eloy Duran <eloy@fngtps.com>

  • Hrvoje Šimić <shime.ferovac@gmail.com>

  • Jeff Kreeftmeijer <jeff@fngtps.com>