ExtremeAas

Gem for implementing an Authentication Authorization System.

This gem allows you to specify permissions at the controller action or helper method level.

Please read the following description carefully.

Action

An action is something that a user can do in the system. An action can be a simple action (SimpleAction) or a group of actions (ActionGroup).

This concept was implemented using the composite design pattern.

SimpleAction

SimpleAction is the simplest thing a user has access to. It can be a helper method or a controller action.

Simple actions are generated by reading the code of the application. For that you have to run the rake task extreme_aas:sync_simple_actions.

ActionGroup

ActionGroup is a set of simple actions or other groups of actions. It is defined in the file "./config/extreme_aas_groups.yml".

Structure:

<group_name>:
- action_name: <action_name>
  controller_name: <controller_name>
<another_group_name>:
- method_name: <method_name>
  helper_name: <helper_name>
- group: <child_group_name>

Example:

group_child:
- action_name: index
  controller_name: UsersController
group_parent:
- group: group_child
- method_name: show
  helper_name: UsersHelper

In order to read this file and export it to the database, you have to call the rake task extreme_aas:export_group_actions.

Note: You can also use the task extreme_aas:update_actions which will both update simple actions and action groups.

Profile

A profile is the entity that is related to your application's User model and, through grants, stores all the permissions that the user has in the application.

Grant

A Grant is the entity that says whether a profile has access to a certain action. Grants can be specified or generated.

They are generated when a profile doesn’t have a grant for a certain simple action, but this simple action is part of a group that is granted to the profile. Confused? Read it again, sorry :/

In this case volatile grants will be generated for the simple actions. These volatile grants have to be updated manually by calling the rake task , Profile#update_grants or GroupAction#update_grants. NOT_IMPLEMENTED
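To see which simple actions a grant on a group ends up covering, the following added example (not the gem's own code) parses the group file format shown above and expands a group recursively, rejecting unknown child groups and cycles. The helper name `expand_group` and the sample YAML, including the two looping groups, are constructed for illustration.

```ruby
require "yaml"
require "set"

# Constructed sample in the ./config/extreme_aas_groups.yml format.
SAMPLE_GROUPS = YAML.safe_load(<<~YML)
  group_child:
  - action_name: index
    controller_name: UsersController
  group_parent:
  - group: group_child
  - method_name: show
    helper_name: UsersHelper
  group_loop_a:
  - group: group_loop_b
  group_loop_b:
  - group: group_loop_a
YML

# Hypothetical helper (not part of ExtremeAas): returns the set of simple
# actions reachable from `name`, as "Controller#action" or "Helper#method".
# `path` holds the groups already being expanded, to detect cycles.
def expand_group(groups, name, path = [])
  raise ArgumentError, "unknown group: #{name}" unless groups.key?(name)
  raise ArgumentError, "cycle: #{(path + [name]).join(' -> ')}" if path.include?(name)

  Array(groups[name]).each_with_object(Set.new) do |entry, actions|
    if entry.key?("group")
      # Composite case: a child group contributes all of its own actions.
      actions.merge(expand_group(groups, entry["group"], path + [name]))
    elsif entry.key?("action_name")
      actions << "#{entry['controller_name']}##{entry['action_name']}"
    elsif entry.key?("method_name")
      actions << "#{entry['helper_name']}##{entry['method_name']}"
    else
      raise ArgumentError, "unrecognised entry in #{name}: #{entry.inspect}"
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  puts expand_group(SAMPLE_GROUPS, "group_parent").to_a.sort
end
```

Running a check like this over the group file before exporting it makes it easy to review exactly what a grant on `group_parent` would permit.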

TODO kinds of grants (readonly hidden visible….)

How to Install it

To install it, run:

$ rails generate extreme_aas
$ rake db:migrate

This will create the tables extreme_profiles, extreme_actions, extreme_simple_actions, extreme_action_groups, extreme_action_edges, extreme_grants. Now, only granted actions will be permitted in your application.