Gatekeeper

gatekeeper-rails provides a simple DSL to do authorization checks in rails controllers.

It's independent of any authencation/authorization lib. Feel free within a block!

Simple example

class PostsController < ApplicationController

  # Gatekeeper will close the doors
  # to all actions
  #
  include Gatekeeper

  # Tell to Gatekeeper allow access
  # to action index when the signed user
  # is admin or guest
  #
  allow :index do
    signed_user.is_admin? ||
    signed_user.is_guest?
  end

  # Tell to Gatekeeper allow access
  # to action new, create, update and destroy
  # only when the signed user is admin!
  #
  allow :new, :create, :update do
    signed_user.is_admin?
  end

  # Tell to Gatekeeper allow access
  # to action destroy only when the signed user
  # is admin, is older than 21 and it's before
  # 10 pm :)
  #
  allow :destroy do
    signed_user.is_admin? &&
    signed_user.age >= 21 &&
    Time.now.hour < 22
  end

  # Tell to Gatekeeper what it should do when
  # the access is denied
  #
  when_access_denied do
    render :text => "No donuts for you!!!", :status => '403'
  end

  # Controller actions
  #
  def index
    render :text => 'Index post action'
  end

  def new
    render :text => 'New post action'
  end

  def create
    render :text => 'Create post action'
  end

  def update
    render :text => 'Update post action'
  end

  def destroy
    render :text => 'Destroy post action'
  end

end

Using

Add gatekeeper-rails to your Gemfile:

gem 'gatekeeper-rails', :require => 'gatekeeper'