Plugin for writing allow/deny rules in controllers
Ruby
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
spec
.gitignore
MIT-LICENSE
README.rdoc
Rakefile
init.rb

README.rdoc

Access

Defining access to actions through calls to allow/deny

Example

# you can rewrite access_denied which by default redirects to '/'
access_denied

# allow/deny all actions if there are no other rules for action
allow_by_default
deny_by_default

# allow/deny all following actions
allow
deny

# now explanation of rules (examples for allow can be applied to deny)

# allow index and show
allow :index, :show

# allow all actions if admin? evaluates to true
allow :if => :admin?

# allow index and show if admin? evaluates to true
allow :index, :show, :if => :admin?

# allow index and show if admin? or user? (string evaluates in context of controller instance)
allow :index, :show, :if => 'admin? || user?'

# allow index and show if admin? or user? (proc evaluates in context of controller instance)
allow :index, :show, :if => proc{ admin? || user? }

# allow index and show if admin? or user?
allow :index, :show, :if_any => [:admin?, :user?]

# allow index and show if admin? and odd_day?
allow :index, :show, :if_all => [:admin?, :odd_day?]

# allow index and show unless bad_user? or robot?
allow :index, :show, :unless_any => [:bad_user?, :robot?]

# allow index and show unless bad_user? and was_here_today?
allow :index, :show, :unless_all => [:bad_user?, :was_here_today?]

# rules override each other (order of rules is important)
# index can be accessed by anyone except bad_user
# new can be accessed by admin or user with special key but not by bad_user or robot (ever if he has special key)
# all other actions are inaccessible
deny_by_default
allow :index
allow :new, :if_any => [:admin?, :has_special_key?]
deny :if => :bad_user?
deny :new, :if => :robot?

# example
class ApplicationController < ActionController::Base
  deny_by_default
end

class PostController < ApplicationController
  allow :index, :show, :new, :create
  allow :edit, :update, :if => :owner
  allow :destroy, :if => :admin?
  deny :new, :create, :if_any => [:bad_user, :wrote_post_for_last_5_minutes?]
  deny :edit, :update, :if => :bad_user

  def index
    ...
  end

  def show
    ...
  end

  def new
    ...
  end

  def edit
    ...
  end

  def create
    ...
  end

  def update
    ...
  end

  def destroy
    ...
  end
end