Authorization-san allows you to specify access policies in your controllers. The plugin assumes a number of things about the application.
-
If a user has authenticated with the application, it’s stored in
@authenticated. The method of authentication doesn’t matter. It also doesn’t matter what you put in @authenticated, as long as it’s truthy. -
@authenticatedhas either aroleattribute or a number of methods to query for the role:admin?,editor?,guest?. When the@authenticatedobject doesn’t have role methods you can’t use role based authentication rules, but the rest still works.
class BooksController < ActionController::Base # Visitors can see list of books and book pages allow_access :all, :only => [:index, :show] # An editor can create new books, but… allow_access :editor, :only => [:new, :create] # …she can only update her own books. allow_access(:editor, :only => [:edit, :update]) { @book = @authenticated.books.find(params[:id]) } # Admin users can do it all. allow_access :admin end
The best place to start learning more is the examples directory in the source.
Authorization-San runs on all Ruby on Rails versions above 2.3 and their supported Ruby versions.
In order of appearance:
-
Manfred Stienstra <manfred@fngtps.com>
-
Eloy Duran <eloy@fngtps.com>
-
Hrvoje Šimić <shime.ferovac@gmail.com>
-
Jeff Kreeftmeijer <jeff@fngtps.com>