A plugin for authorization in a ReSTful Ruby on Rails application

Authorization-san allows you to specify access policies in your controllers. The plugin assumes a number of things about the application.

  • If a user has authenticated with the application, that user is stored in @authenticated. The method of authentication doesn't matter. It also doesn't matter what you put in @authenticated, as long as it is truthy.

  • @authenticated has either a role attribute or a number of methods to query for the role: admin?, editor?, guest?. When the @authenticated object doesn't have role methods you can't use role-based authorization rules, but the rest still works.

What does it look like?

class BooksController < ActionController::Base
  # Visitors can see the list of books and individual book pages
  allow_access :all, :only => [:index, :show]
  # An editor can create new books, but…
  allow_access :editor, :only => [:new, :create]
  # …she can only update her own books: the block scopes the lookup to the
  # editor's own records and grants access only when it finds one.
  allow_access(:editor, :only => [:edit, :update]) { @book = @authenticated.books.find(params[:id]) }
  # Admin users can do it all.
  allow_access :admin
end
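
To make the evaluation order of such a policy concrete, here is a small stand-alone model of it written for this page. It is not authorization-san's own code and simplifies the plugin's internals; the names User, Book, Policy, RequestContext and check are assumptions, as are the two modelled semantics: access is denied unless some rule matches, and a rule with a block grants access only when that block returns a truthy value. The in-memory book lookup stands in for ActiveRecord's find and returns nil instead of raising.

```ruby
# Added illustration, not the plugin's code: a minimal model of how a
# per-controller policy like the BooksController one can be evaluated.

# Assumed user model: exposes the role query methods the README expects.
User = Struct.new(:role, :books) do
  def admin?;  role == :admin;  end
  def editor?; role == :editor; end
end

Book = Struct.new(:id)

# Assumed stand-in for the controller: holds @authenticated and params, and
# is the object the rule blocks are evaluated against.
class RequestContext
  attr_reader :params, :book

  def initialize(authenticated, params)
    @authenticated = authenticated
    @params = params
  end
end

class Policy
  Rule = Struct.new(:role, :only, :block)

  def initialize
    @rules = []
  end

  # Mirrors the DSL: allow_access(role, :only => [...]) { condition }
  def allow_access(role, options = {}, &block)
    @rules << Rule.new(role, options[:only], block)
  end

  # Deny by default (modelled assumption): the first matching rule grants
  # access, and a rule only matches if its action filter, role check and
  # optional block all pass.
  def allowed?(authenticated, action, context)
    @rules.any? do |rule|
      next false if rule.only && !rule.only.include?(action)
      next false unless role_matches?(rule.role, authenticated)
      rule.block ? !!context.instance_exec(&rule.block) : true
    end
  end

  private

  # :all matches anonymous visitors too; every other role requires a
  # truthy @authenticated that answers the matching role? method.
  def role_matches?(role, authenticated)
    return true if role == :all
    return false unless authenticated
    query = "#{role}?"
    authenticated.respond_to?(query) && authenticated.public_send(query)
  end
end

# The README's BooksController policy, expressed against the model.
def books_policy
  Policy.new.tap do |p|
    p.allow_access :all, :only => [:index, :show]
    p.allow_access :editor, :only => [:new, :create]
    p.allow_access(:editor, :only => [:edit, :update]) do
      # Scoped lookup: only the editor's own books are visible here.
      @book = @authenticated.books.find { |b| b.id == params[:id] }
    end
    p.allow_access :admin
  end
end

# Constructed sample data: two editors who each own one book, one admin.
ALICE = User.new(:editor, [Book.new(1)])
BOB   = User.new(:editor, [Book.new(2)])
ROOT  = User.new(:admin, [])

def check(authenticated, action, id = nil)
  context = RequestContext.new(authenticated, { :id => id })
  books_policy.allowed?(authenticated, action, context)
end

if __FILE__ == $0
  puts "visitor index:   #{check(nil, :index)}"     # true
  puts "visitor new:     #{check(nil, :new)}"       # false
  puts "alice edit 1:    #{check(ALICE, :edit, 1)}" # true
  puts "alice edit 2:    #{check(ALICE, :edit, 2)}" # false, not her book
  puts "root destroy:    #{check(ROOT, :destroy)}"  # true, admin has no :only
end
```

The point worth noticing is the third rule: an editor who passes the role check still gets no access to a book she does not own, because the block's scoped lookup returns nil for someone else's id. Putting the ownership check in the access rule, rather than in the action body, keeps it from being forgotten on one of the actions.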

The best place to start learning more is the examples directory in the source.

Will it run?

Authorization-San runs on all Ruby on Rails versions above 2.3 and their supported Ruby versions.


In order of appearance:

  • Manfred Stienstra

  • Eloy Duran

  • Hrvoje Šimić

  • Jeff Kreeftmeijer

