The absolute minimum to enable authorization in Rails

branch: master

more readme

latest commit 9906b77325
Julio Capote authored April 22, 2010
lib readme stuff April 22, 2010
rails tests pass, ship it April 22, 2010
tasks init April 22, 2010
test more readme April 22, 2010
MIT-LICENSE more readme April 22, 2010
README.markdown more readme April 22, 2010
Rakefile init April 22, 2010
install.rb init April 22, 2010
uninstall.rb init April 22, 2010
README.markdown

Existential

The absolute minimum to handle custom fine-grained authorization in Rails

Installation

From your Rails directory:

script/plugin install git://github.com/capotej/existential.git

Example Usage

Then you can just use it like so:

# specify the thoughtful class
class User < ActiveRecord::Base
  is_existential
end

# allows_(action)_for? methods will get the user passed in
class Post < ActiveRecord::Base
  def allows_edit_for?(user)
    # your crazy auth rules here, in the model where they belong
    if self.user_id == user.id
      true
    else
      false
    end
  end
end

# your thoughtful class will have a can? method that works like so
class PostController < ActionController::Base
  def edit
    @post = Post.find(params[:id])
    if current_user.can?(:edit, @post)
      # render the view
    else
      # raise an exception, yell at the user, whatever
    end
  end
end
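
As an added example (not the plugin's own code), here is a plain-Ruby sketch of the `can?` to `allows_(action)_for?` delegation shown above, written so that anything without an explicit rule is denied. The `Existential` module body, the `ACTION` pattern, `allows_publish_for?` and `demo` are assumptions made for illustration, and `User` and `Post` are Struct stand-ins so it runs without Rails.

```ruby
# Added sketch of the can? -> allows_<action>_for? delegation.
# Not the plugin's source; everything here is a plain-Ruby stand-in.
module Existential
  ACTION = /\A[a-z_]+\z/ # assumption: actions are simple lowercase names

  # Ask the target whether it allows `action` for this actor.
  def can?(action, target)
    name = action.to_s
    return false unless ACTION.match?(name)           # reject odd action names
    predicate = "allows_#{name}_for?"
    return false unless target.respond_to?(predicate) # no rule defined: deny
    target.public_send(predicate, self) == true       # only literal true grants
  end
end

User = Struct.new(:id) do
  include Existential
end

Post = Struct.new(:id, :user_id) do
  # Same rule as the README example: only the owner may edit.
  def allows_edit_for?(user)
    !user.nil? && user_id == user.id
  end

  # Deliberately sloppy rule (hypothetical): returns an Integer, not a boolean.
  def allows_publish_for?(user)
    user.id
  end
end

# Constructed sample data exercising the grant and each deny path.
def demo
  owner = User.new(1)
  other = User.new(2)
  post  = Post.new(10, 1)
  {
    owner_edit:       owner.can?(:edit, post),
    other_edit:       other.can?(:edit, post),
    undefined_action: owner.can?(:destroy, post),
    truthy_not_true:  owner.can?(:publish, post),
    nil_target:       owner.can?(:edit, nil),
    bad_name:         owner.can?("edit_for?; x", post)
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

In this sketch a missing `allows_destroy_for?` and a rule that returns a truthy non-boolean both end in a denial instead of an exception or an accidental grant.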

Thanks

Thanks to Nick Kallen for his excellent post on this pattern, which inspired this plugin.

License

Copyright (c) 2010 Julio Capote, released under the MIT license
