Skip to content

/ easy-access

Easy access control and roles for CRUD operations.

www.mrchucho.net
MIT License
5 stars 2 forks
Star
Watch
master
1 branch 0 tags
Go to file
Code
Clone

Use Git or checkout with SVN using the web URL.

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
generators/easy_access
 
 
lib
 
 
tasks
 
 
test
 
 
.gitignore
 
 
MIT-LICENSE
 
 
README
 
 
Rakefile
 
 
init.rb
 
 
install.rb
 
 
uninstall.rb
 
 

README 

Easy Access
===========

Easy access control and roles for CRUD operations.

Easy Access provides a mixin for your User model that adds a simple role-based
access control system for the standard CRUD operations. A default access control
routine is supplied, but it can be overridden on a model-by-model basis allowing
for very fine-grained control.

Every CRUD operation has a corresponding User method and model hook. Implement
the model hooks(e.g. can_be_viewed_by?, can_be_edited_by?, etc.) and/or the
default AccessSystem::has_privilege_for? to customize your specific access
controls.


Installation
============

./script/plugin install http://github.com/mrchucho/easy-access.git

./script/generate easy_access Role


Example
=======

The can_(create|view|update|destroy)? methods can safely be used in any Controller:

    class RestrictedModelController < ApplicationController

        def create
            @model = RestrictedModel.build(params[:model])
            raise PermissionDenied unless current_user.can_create?(@model)
            @model.save!
            redirect_to restricted_model_path(@model)
        end

        def show
            raise PermissionDenied unless current_user.can_view?(@model)
        end

        def update
            @model = RestrictedModel.find(params[:id])
            raise PermissionDenied unless current_user.can_update?(@model)
            @model.save!
            redirect_to restricted_model_path(@model)
        end

        def destroy
            @model = RestrictedModel.find(params[:id])
            raise PermissionDenied unless current_user.can_destroy?(@model)
            @model.destroy
            redirect_to restricted_models_path
        end


By default AccessSystem::has_privilege_for? provides coarse-grained access
controls. To implement fine-grained access control for a specific model:

    class RestrictedModel < ActiveRecord::Base
        # ...
        def can_be_viewed_by?(user)
            user == self.user
        end

        def can_be_updated_by?(user)
            if self.state == :closed
                false
            else
                user == self.user
            end
        end

        def can_be_destroyed_by?(user)
            user.roles.any?{|r| r.name.eql?("Destroyer")}
        end


    class ReadOnlyModel < ActiveRecord::Base
        def can_be_viewed_by?(user); true; end
        def can_be_destroyed_by?(user); false; end
        def can_be_created_by?(user); false; end
        def can_be_updated_by?(user); false; end


Note that you only need to override those hooks for which more specific
controls are required.


Copyright (c) 2008 Ralph M Churchill, released under the MIT license

About

Easy access control and roles for CRUD operations.

www.mrchucho.net

Resources

Readme

License

MIT License

Releases

No releases published

Packages

No packages published

Languages

You can’t perform that action at this time.