Find file
Fetching contributors…
Cannot retrieve contributors at this time
49 lines (34 sloc) 1.81 KB
the authorization is modeled around roles. each user can belong to one or more
roles. every single action can belong to one or more roles.
the guard implementation is independent of the actual role model because the
role gets passed into the respective methods. BUT is depends on a method called
"current_user" in the action controller and a roles collection:
is called for checking the authorization inside the controller via the guard mehtods. this method can be called via a before filter in any controller.
first you need to configure the guards, one guard per controller and each guard can authorize roles for different actions.
on top of this you also can use a "allow" methods to check insode action_views or erector widgets (
each controller has configuration class for the guard. they are in the
diretory app/guards/. a typical configuration look like this, where ":users"
identifies the controller, ":root, :admin" the roles asigned to the actions
{ :index => [:root, :admin],
:show => [:root, :admin],
:edit => [:root],
:update => [:root],
:new => [:root],
:create => [:root],
:destroy => [:root] })
to initialize the guard add an initializer into the config/initializers directory guard.rb:
now you can use it in the controller like
before_filter :guard
inside a view (erector example) you check the guard conditions via the allowed method:
if allowed(:users, :index)
button_to( "users", users_path, :method => :get)
Copyright (c) 2008 Kristian Meier, released under the MIT license