Declarative Authorization wrapper for Padrino

See github.com/stffn/declarative_authorization for everything except how to secure your controllers, which is covered here.

Securing your controllers

Although it’s not the best approach and it has to be improved, it’ll do the job for now. Suggestions accepted :)

Register the module in your app/app.rb:

register Authorization::Padrino

For each action on your controller you’d like to protect add something like this:

:protect => [{:action => :read, :resource => :users, :forbidden => "Custom 403 forbidden message"}]

Note that :forbidden is optional.

get '/', :provides => :json, :protect => [{:action => :read, :resource => :users}] do
  User.with_permissions_to.all.to_json(:include => :roles)
end

And that’s pretty much it :)
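Protection is opt-in per action, so a route declared without :protect, or with a misspelled key inside it, is easy to miss in review. The following is an added example, not code from this project: a plain-Ruby audit of route option hashes in the format shown above. ROUTES is constructed sample data, the helper names are hypothetical, and treating :action, :resource and :forbidden as the only valid keys is an assumption based on this README.

```ruby
# Added example: audits route option hashes for the :protect format shown above.
# Assumption: :action, :resource and :forbidden are the only keys a rule may carry.
ALLOWED_KEYS = [:action, :resource, :forbidden].freeze

# Returns the problems found in one route's options (empty list = well-formed).
def protect_problems(options)
  protect = options[:protect]
  return ["no :protect option, route is unprotected"] if protect.nil?
  return [":protect must be an Array of Hashes"] unless protect.is_a?(Array)
  return [":protect is empty, it names no permission"] if protect.empty?

  protect.each_with_index.flat_map do |rule, i|
    next ["rule #{i} is not a Hash"] unless rule.is_a?(Hash)
    errs = []
    [:action, :resource].each do |key|
      errs << "rule #{i} needs a Symbol for :#{key}" unless rule[key].is_a?(Symbol)
    end
    if rule.key?(:forbidden) && !rule[:forbidden].is_a?(String)
      errs << "rule #{i} :forbidden must be a String"
    end
    unknown = rule.keys - ALLOWED_KEYS # catches typos such as :resouce
    errs << "rule #{i} has unknown keys #{unknown.inspect}" unless unknown.empty?
    errs
  end
end

# Maps "VERB path" to its problems, keeping only routes that have any.
def audit_routes(routes)
  routes.each_with_object({}) do |route, report|
    problems = protect_problems(route[:options])
    report["#{route[:verb]} #{route[:path]}"] = problems unless problems.empty?
  end
end

# Constructed sample input; collecting the real option hashes from an app is not shown.
ROUTES = [
  { :verb => "GET", :path => "/users", :options => { :provides => :json, :protect => [{ :action => :read, :resource => :users }] } },
  { :verb => "POST", :path => "/users", :options => { :provides => :json } },
  { :verb => "DELETE", :path => "/users/:id", :options => { :protect => [{ :action => :delete, :resouce => :users }] } }
].freeze

if __FILE__ == $PROGRAM_NAME
  audit_routes(ROUTES).each { |route, problems| puts "#{route}: #{problems.join('; ')}" }
end
```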

Demo app

github.com/dariocravero/declarative_authorization_padrino_demo_app