Declarative Authorization's Padrino wrapper
Ruby
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
.gitignore
Gemfile
MIT-LICENSE
README.rdoc
Rakefile
declarative_authorization_padrino.gemspec

README.rdoc

Declarative Authorization wrapper for Padrino

Read github.com/stffn/declarative_authorization for everything else but how to secure your controllers.

Securing your controllers

Although it's not the best approach and it has to be improved, it'll do the job for now. Suggestions accepted :)

Register the module in your app/app.rb

register Authorization::Padrino

For each action on your controller you'd like to protect add something like this:

:protect => [{:action => :read, :resource => :users, :forbidden => "Custom 403 forbidden message"}]

Note that :forbidden is optional.

get '/', :provides => :json, :protect => [{:action => :read, :resource => :users}] do
  User.with_permissions_to.all.to_json(:include => :roles)
end

And that's pretty much it :)

Demo app

github.com/dariocravero/declarative_authorization_padrino_demo_app