Skip to content

bellmyer/restful_roles

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
lib/bellmyer
lib/bellmyer
 
 
tasks
tasks
 
 
test
test
 
 
MIT-LICENSE
MIT-LICENSE
 
 
README.textile
README.textile
 
 
Rakefile
Rakefile
 
 
init.rb
init.rb
 
 
install.rb
install.rb
 
 
uninstall.rb
uninstall.rb
 
 

Repository files navigation

The Easiest Way to Implement Roles for Restful Authentication

Has somebody done this already? If so, please let me know. I couldn’t find
anything as hands-off as I’d like for managing roles with the
restful_authentication plugin. So I made one.

Shameless Plug

If you like what you see, why not recommend me on WorkingWithRails?

What?

restful_roles sits on top of restful_authentication like a small child atop his
father’s shoulders. Proud and triumphant, even though most of the accomplishment
isn’t really his.

Quite simply, restful_roles is the easiest roles management you can possibly have.
It assumes that your roles are sequentially more permissive. So if you have
member, admin, and owner roles, admins can see all the member stuff, and owners
can see everything.

How?

The Migration

Add to the user migration, or create a separate one. The important thing is to
create a string field by the name of “role” in your users table.

class AddRoletoUser < ActiveRecord::Migration
  def self.up
    add_column :users, :role, :string
  end

  def self.down
    remove_column :users, :role, :string
  end
end

The Model

Add this to the model that is using restful_authentication:

# app/models/user.rb
has_roles :member, :admin, :owner

Any users you create will be the first role by default – :member in this case.
Roles get more exclusive from left to right.

Now you can do this:

current_user.admin?

and it will return true only if the user’s role is admin OR HIGHER. Therefore, if your lowest role is :member, it would be pointless to call:

current_user.member?

because every user would be at least a member, and it would always return true.

Controllers

You can add role requirements to any controllers that use require_login.
require_role accepts a role, and an optional :only list.

Of course, you have to be a logged-in user to have a role, and so if you don’t
require_login for an action, then the role checking will never happen for that
action. It works by hooking into restful_authentication’s authorized? method.

Catch-all

# app/controllers/widgets_controller.rb

before_filter :login_required

require_role :admin

This requires Admin or greater privileges to use any action in the controller.

Only Some

# app/controllers/widgets_controller.rb

before_filter :login_required

require_role :member, :only=>[:index, :show]
require_role :admin,  :only=>[:new, :create, :edit, :update]
require_role :owner

In this case, you have to be at least a Member to see index/show pages, at
least an Admin to see those plus the creation/updating pages, and only Owners
can do anything else.

Except Some

# app/controllers/widgets_controller.rb

before_filter :login_required

require_role :admin, :except=>[:index, :show]

The above example requires Admin or greater privileges for everything except the
harmless (in this case) index and show actions.

CAVEAT: the :except option trumps all else, so there’s no reason (or ability) to
combine it with other require_role calls. Doing so would make the developer’s
intentions unclear anyway, and the whole point of this plugin is simplicity.

About

An add-on for restful_authentication that enables quick and easy roles.

kconrails.com/ruby-gems-plugins-restful_roles

Resources

Readme

License

MIT license
Activity

Stars

6 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

1 tags

Packages

No packages published

Languages