Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Ruby
branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
lib
test
.gitignore
Gemfile
Gemfile.lock
README.mdown
Rakefile
objectbouncer.gemspec
objectbouncer_test.db

README.mdown

ObjectBouncer

ObjectBouncer provides a way to restrict access to an objects properties or methods based upon a series of preconditions.

Usage

Let's say we have a President who needs protection:

class President
  def shake_hands
    "shaking hands"
  end

  def high_five
    "high five!"
  end

  def give(gift)
    "thanks"
  end
end

And the following people:

class Nutjob
  def dictator?
    true
  end
end

class VicePresident
  def democrat?
    true
  end

  def friend?(other)
    other.class == President
  end
end

class Hippie
  def democrat?
    true
  end
end

To protect the President we'd add the following to our class definition:

class President
  include ObjectBouncer::Doorman
  door_policy do
    deny :shake_hands,  :if => Proc.new{|person| person.dictator? }
    allow :shake_hands, :if => Proc.new{|person| person.democrat? }
    deny :high_five,    :unless => Proc.new{|person, president|
                                  person.friend?(president) }
    deny :give,         :unless => Proc.new{|person, president, *args|
                                  args.first == :donation }
  end
end

And now, to put our security detail in place we need to specify the current user that is initiating the interaction:

@obama       = President.new
@gaddafi     = Nutjob.new
@joe_biden   = VicePresident.new
@tommy_chong = Hippie.new

@obama.current_user = @gaddafi
@obama.shake_hands                # Raises PermissionDenied
@obama.give(:donation)            # Allowed
@obama.give(:suspect_package)     # Raises PermissionDenied

@obama.current_user = @joe_biden
@obama.shake_hands                # Allowed
@obama.high_five                  # Allowed

@obama.current_user = @tommy_chong
@obama.shake_hands                # Allowed
@obama.high_five                  # Raises PermissionDenied

Alternatively, if you can specify the user when you instantiate the object:

@gaddafi     = Nutjob.new
@obama       = President.as(@gaddafi).new

@obama.shake_hands                # Raises PermissionDenied
@obama.give(:donation)            # Allowed
@obama.give(:suspect_package)     # Raises PermissionDenied

Handy in things like application controllers where you want to pass in the currently logged in user.

Why would I want to use this?

Most of the existing RBAC and other access based permission systems are implemented at a controller or action level within the MVC stack. ObjectBouncer allows you to provide more granular control my limiting access to discrete methods on an instance of an object, while keeping the permissions logic external to the methods themselves.

Compatibility

Test suite has currently only been confirmed on the following platforms:

  • MRI Ruby 1.9.2

Contributions

Patches gladly accepted. Please fork this repo, add a relevant test, and send me a pull request. Kudos to the following for design, advice, input, etc.:

  • Pedro Belo
  • Ryan Smith
  • Graham Ashton

Status

Currently still under active development and considered alpha, the API is liable to change without notice.

License

ObjectBouncer is released under the MIT license.

Copyright (c) 2011 Glenn Gillen

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Analytics

Something went wrong with that request. Please try again.