THIS REPO IS NO LONGER MAINTAINED
We haven't used this for a while. If you would like to take over ownership of this repo, please let us know.
authorize_me is a gem for Rails to handle simple role-based authorization. It is similar in style to can-can. The largest difference is that authorization rules are defined in the model they protect rather than one centralized location.
Set up the user model
Tell the gem which model to treat as the “user”.
class User authorize_me end
The following methods are generated:
User#can_create?(obj) User#can_read?(obj) User#can_update?(obj) User#can_destroy?(obj)
Each of these methods can take a model class, instance, or symbol.
The user model is expected to have a role method that returns a string or symbol. It could be a DB column or a method you define. Here is an example:
def role if admin? :admin else user_type end end
Declare authorization rules
Authorization rules are declared in each model where they apply
class Article authorization do |role| role.admin :can => :manage role.publisher :can => :manage, :if => :author? role.publisher :can => [:read, :create] role.any :can => :read end end
In this example a publisher can always read and create articles, but they can only manage articles for which they are the author. This declaration assumes there is an Article#author? method which takes a user argument and returns a boolean.
:manage is shorthand for [:create, :read, :update, :destroy]
In your controllers
The unauthorized! method simply raises an AuthorizeMe::Unauthorized exception for you to handle as you choose.
def show @article = Article.find(params[:id]) unauthorized! unless current_user.can_read?(@article) end
In your views
<% if current_user.can_update?(@article) %> <%= link_to 'edit', edit_article_path(@article) %> <% end %>
Copyright © 2010 Adam McCrea, released under the MIT license