It's a dead simple Rails authorization lib for well defined authorization objects interfaces.
Add it to your gemfile:
gem 'action_bouncer'
Or manually install it:
gem install action_bouncer
Allowing user to access specific actions:
except key works as a bypassing. Any kind of user would be allowed to access this action.
class UsersController < ApplicationController
allow :current_user, to: [:index, :new], except: :edit, if: :admin?
def index
end
def new
end
def edit
end
endAllowing user to access all actions:
class UsersController < ApplicationController
allow :current_user, to: :all, if: :admin?
def index
end
def new
end
def edit
end
endAlso, you can pass multiple methods that your authorizable object responds to:
allow :current_user, to: [:index, :new], if: [:admin?, :leader?]And allow users with different authorizations to access different actions:
allow :current_user, to: :index, if: :leader?
allow :current_user, to: :all, if: :admin?When not authorized, ActionBouncer raises an exception that can be rescued on your ApplicationController:
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
before_action :authenticate_user!
include ActionBouncer
rescue_from ActionBouncer::Unauthorized,
with: :user_not_authorized
private
def user_not_authorized
render nothing: true, status: :unauthorized
end
endbundle install
bundle exec rspec spec
Feel free to create issues and submit pull requests.