#Sinatra-Bouncer Simple authorization permissions extension for Sinatra. Require the gem, then declare which routes are permitted based on your own logic.
gem install sinatra-bouncer
##Quickstart ###Step 1: Require/Register Bouncer
After registration, Bouncer will reject any request that either:
- has no rule associated with it, or
- has no associated rule that returns
require 'sinatra' require 'sinatra/bouncer' # ... routes and other config
require 'sinatra/base' require 'sinatra/bouncer' class MyApp < Sinatra::Base register Sinatra::Bouncer # ... routes and other config end
###Step 2: Declare Bouncer Rules
rules with a block that uses
can_sometimes to declare which paths are legalduring this request. The rules block is run in the context of the request, which means you will have access to sinatra helpers,
request object, and
require 'sinatra' require 'sinatra/bouncer' rules do # example: allow any GET request can(:get, :all) # example: logged in users can edit their account if(current_user) can(:post, '/user_edits_account') end end # ... route declarations as normal below
Any route declared with #can will be accepted without further challenge.
rules do can(:post, '/user_posts_blog') end
can_sometimes is for occasions that you to check further, but want to defer that choice until the path is actually attempted.
can_sometimes takes a block that will be run once the path is attempted. This block must return an explicit boolean
false) to avoid any accidental truthy values creating unwanted access.
rules do can_sometimes('/login') # Anyone can access this path end
:any and :all special parameters
:anyto the first parameter will match any HTTP method.
:allto the second parameter will match any path.
# this allows get on all paths can(:get, :all) # this allows any method type to run on the /login path can(:any, '/login')
Custom Bounce Behaviour
The default bounce action is to
halt 403. Call
bounce_with with a block to specify your own behaviour. The block is also run in a sinatra request context, so you can use helpers here as well.
require 'sinatra' require 'sinatra/bouncer' bounce_with do redirect '/login' end # bouncer rules, routes, etc...