ExtremeAas
A gem for implementing an Authentication Authorization System.
This gem allows you to specify permissions at the controller action or helper method level.
Please read the following description carefully.
Action
An action is something that a user can do in the system. An action can be a simple action (SimpleAction) or a group of actions (ActionGroup).
This concept was implemented using the composite design pattern.
SimpleAction
A SimpleAction is the simplest thing a user has access to. It can be a helper method or a controller action.
Simple actions are generated by reading the code of the application. To generate them, run the rake task extreme_aas:sync_simple_actions.
ActionGroup
An ActionGroup is a set of simple actions or other groups of actions. It is defined in the file "./config/extreme_aas_groups.yml".
Structure:
    <group_name>:
      - action_name: <action_name>
        controller_name: <controller_name>
    <another_group_name>:
      - method_name: <method_name>
        helper_name: <helper_name>
      - group: <child_group_name>
Example:
    group_child:
      - action_name: index
        controller_name: UsersController
    group_parent:
      - group: group_child
      - method_name: show
        helper_name: UsersHelper
To read this file and export it to the database, you have to call the rake task extreme_aas:export_group_actions.
Note: You can also use the task extreme_aas:update_actions which will both update simple actions and action groups.
Profile
A profile is the entity related to your application's User model. Through grants, it stores all the permissions that user has in the application.
Grant
A Grant is the entity that says whether a profile has access to a certain action. Grants can be specified or generated.
They are generated when a profile doesn’t have a grant for a certain simple action, but this simple action is part of a group that is granted to the profile. Confused? Read it again, sorry :/
In this case volatile grants will be generated for the simple actions. These volatile grants have to be updated manually by calling the rake task , Profile#update_grants or GroupAction#update_grants. NOT_IMPLEMENTED
TODO kinds of grants (readonly hidden visible….)
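The following is an added example, not code from the gem: it parses a constructed groups file in the layout shown above and flattens a granted group into the simple actions that would receive generated grants, rejecting unknown groups and cyclic group references. The helper names (expand_group, permitted?) and the "Owner#name" key format are assumptions made for illustration; the gem itself stores these relations in the database.

```ruby
require "yaml"
require "set"

# Constructed sample in the extreme_aas_groups.yml layout described above.
GROUPS_YAML = <<~YML
  group_child:
    - action_name: index
      controller_name: UsersController
  group_parent:
    - group: group_child
    - method_name: show
      helper_name: UsersHelper
YML

# Hypothetical helper: flatten a group (composite) into "Owner#name" keys
# for every simple action (leaf) it contains, directly or through child groups.
def expand_group(groups, name, path = [])
  raise ArgumentError, "unknown group: #{name}" unless groups.key?(name)
  raise ArgumentError, "cycle: #{(path + [name]).join(' -> ')}" if path.include?(name)

  groups[name].each_with_object(Set.new) do |entry, acc|
    if entry.key?("group")
      acc.merge(expand_group(groups, entry["group"], path + [name]))
    elsif entry.key?("action_name")
      acc << "#{entry.fetch('controller_name')}##{entry.fetch('action_name')}"
    elsif entry.key?("method_name")
      acc << "#{entry.fetch('helper_name')}##{entry.fetch('method_name')}"
    else
      raise ArgumentError, "unrecognised entry in #{name}: #{entry.inspect}"
    end
  end
end

# Hypothetical deny-by-default check: an action is permitted only if it is
# granted explicitly or implied by one of the profile's granted groups.
def permitted?(groups, explicit, granted_groups, action)
  implied = granted_groups.reduce(Set.new) { |s, g| s | expand_group(groups, g) }
  explicit.include?(action) || implied.include?(action)
end

GROUPS = YAML.safe_load(GROUPS_YAML) # safe_load: plain data only, no object deserialization
puts expand_group(GROUPS, "group_parent").to_a.inspect
```

Granting group_parent implies both UsersController#index and UsersHelper#show, while granting only group_child leaves UsersHelper#show denied.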
How to Install it
To install you have to:
$ rails generate extreme_aas
$ rake db:migrate
This will create the tables extreme_profiles, extreme_actions, extreme_simple_actions, extreme_action_groups, extreme_action_edges, and extreme_grants. Now, only granted actions will be permitted in your application.