Lightweight ruby gem that manages your authorization for any framework
Ruby
Switch branches/tags
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
spec
.gitignore
.rspec
CHANGELOG.md
Gemfile
README.md
Rakefile
permiso.gemspec

README.md

CSS: http://hotx.resfinity.com/css/readme.css

Permiso

is a lightweight gem for defining and veryfying permissions, or in other words checking authorization.

Define a class with your abilities, you can name it whatever you want, but Ability is a nice name I borrowed from cancan.

Installation

Choose your weapon, via command line

gem install permiso

in a Gemfile

gem 'permiso'                                               # latest stable
gem 'permiso', :git => 'git://github.com/pzol/permiso.git'  # for the bleeding edge

Permiso helper methods

  • role: defines what a named role can do
  • rule: defines additional checks which must be met in order

The easy example

class Ability
  include Permiso::Ability
  
  def initialize
    role :admin do
      can :delete
    end
  end
end

Checking now is easy:

ability = Ability.new
ability.can? :admin, :delete

Example with rules

A more complex example with rules and a domain object injected

class Ability
  include Permiso::Ability

  def initialize(booking)
    @booking = booking

    role :admin do
      can :cancel
      can :create
    end

    rule :cancel do
      @booking.status == 'book_confirmed'
    end
  end

end

Checking is (almost) the same as in the prior example:

ability = Ability.new(booking)
ability.can? :admin, :cancel

Multiple roles are also supported:

ability = Ability.new(booking)
ability.can? [:admin, :user], :cancel

In this case, only the admin can cancel the booking, if the status is book_confirmed.

I use dependency injection, to bring in an object on which I conduct test, in this case the booking.

Using in Padrino

For that I define a helper

MyWebApp.helpers do
  def can(action)
    ability = Ability.new(@booking)
    ability.can? current_user.roles, action
  end
end

which then allows me to use this in my haml file:

- if can :cancel
  %a{ :href => '/cancel' }

TODO

  • blocks for #can (defining)
  • role priorities?