Skip to content

Home

Jump to bottom Edit New page
randx edited this page Aug 13, 2011 · 36 revisions

Six - is a authorization gem for ruby!

Installation

  gem install six

Usage

class BookRules
  # All authorization works on objects with method 'allowed'
  # No magic behind the scene
  # You can put this method to any class you want
  # It should always return array 
  def self.allowed(author, book)
    rules = []

    # good practice is to check for object type
    return rules unless book.instance_of?(Book)

    rules << :read_book if book.published? 
    rules << :edit_book if author && author.id == book.author_id

    # you are free to write any conditions you need
    if author && author.id == book.author_id && book.is_approved? # ....etc...
      rules << :publis_book 
    rules
  end
end

# Add rules to namespace ':book' & global namespace
Six::Guard.instance.add_pack(:book, BookRules)

Six::Guard.instance.allowed? :read_book, nil, nil # false
Six::Guard.instance.allowed? :read_book, nil, published_book # true

Six::Guard.instance.allowed? :edit_book, nil, nil # false
Six::Guard.instance.allowed? :edit_book, author, author.books.first # true

Usage with Rails

# Controller
class BooksController < ApplicationController
  before_filter :add_abilities
  before_filter :load_author

  def show
    @book = Book.find(params[:id])
    head(404) and return unless allowed?(:read_book, nil, @book)
  end

  def edit
    @book = Book.find(params[:id])
    head(404) and return unless allowed?(:edit_book, @author, @book)
  end

  protected

  def add_abilities
    Six::Guard.instance.add_pack(:book, Book)
  end

  def allowed?(action, object, subject)
    Six::Guard.instance.use(:book).allowed?(action, object, subject)
  end

  def load_author
    @author = Author.find_by_id(params[:author_id])
  end
end


# Model
class Book < ActiveRecord::Base
  belongs_to :author

  def self.allowed(object, subject)
    rules = []
    rules << :read_book if subject.public?

    if object.instance_of?(Author)
      if object.id == subject.author_id
        rules << :edit_book     
      end
    end

    rules
  end
end

# Helper
module ApplicationHelper
  def can?(action, object, subject)
    Six::Guard.instance.allowed?(action, object, subject)
  end
end


# View
<td><%= link_to 'Edit', edit_book_path(book) if can?(:edit_book, @author, book) %></td>
Add a custom footer
Add a custom sidebar
Clone this wiki locally