Easy access control and roles for CRUD operations.
Ruby
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
generators/easy_access
lib
tasks
test
.gitignore
MIT-LICENSE
README
Rakefile
init.rb
install.rb
uninstall.rb

README

Easy Access
===========

Easy access control and roles for CRUD operations.

Easy Access provides a mixin for your User model that adds a simple role-based
access control system for the standard CRUD operations. A default access control
routine is supplied, but it can be overridden on a model-by-model basis allowing
for very fine-grained control.

Every CRUD operation has a corresponding User method and model hook. Implement
the model hooks(e.g. can_be_viewed_by?, can_be_edited_by?, etc.) and/or the
default AccessSystem::has_privilege_for? to customize your specific access
controls.


Installation
============

./script/plugin install http://github.com/mrchucho/easy-access.git

./script/generate easy_access Role


Example
=======

The can_(create|view|update|destroy)? methods can safely be used in any Controller:

    class RestrictedModelController < ApplicationController

        def create
            @model = RestrictedModel.build(params[:model])
            raise PermissionDenied unless current_user.can_create?(@model)
            @model.save!
            redirect_to restricted_model_path(@model)
        end

        def show
            raise PermissionDenied unless current_user.can_view?(@model)
        end

        def update
            @model = RestrictedModel.find(params[:id])
            raise PermissionDenied unless current_user.can_update?(@model)
            @model.save!
            redirect_to restricted_model_path(@model)
        end

        def destroy
            @model = RestrictedModel.find(params[:id])
            raise PermissionDenied unless current_user.can_destroy?(@model)
            @model.destroy
            redirect_to restricted_models_path
        end


By default AccessSystem::has_privilege_for? provides coarse-grained access
controls. To implement fine-grained access control for a specific model:

    class RestrictedModel < ActiveRecord::Base
        # ...
        def can_be_viewed_by?(user)
            user == self.user
        end

        def can_be_updated_by?(user)
            if self.state == :closed
                false
            else
                user == self.user
            end
        end

        def can_be_destroyed_by?(user)
            user.roles.any?{|r| r.name.eql?("Destroyer")}
        end


    class ReadOnlyModel < ActiveRecord::Base
        def can_be_viewed_by?(user); true; end
        def can_be_destroyed_by?(user); false; end
        def can_be_created_by?(user); false; end
        def can_be_updated_by?(user); false; end


Note that you only need to override those hooks for which more specific
controls are required.


Copyright (c) 2008 Ralph M Churchill, released under the MIT license