guachiman
Minimal authorization library inspired by RailsCast #385 Authorization from Scratch by Ryan Bates.
Guachiman allows you to store authorization rules as a tree of permissions nested within groups.
Permissions can be either true
or a block that takes an object. In that case the permission will
be the result of the block evaluation.
Upgrading to ~> 1.0.0
Starting with version 1.0.0 all Rails-specific code and support has been removed. A new gem called guachiman-rails will be the recommended way to use Guachiman with Rails.
Installation
Add this line to your application's Gemfile
:
gem 'guachiman'
And then execute:
$ bundle
Or install it directly:
$ gem install guachiman
Usage
Describe your authorization objects in this way:
class Authorization
include Guachiman
def initialize(user = nil)
allow :sessions, [:new, :create]
if user
if user.admin?
@allow_all = true
else
allow :users, [:show, :edit, :update] do |user_id|
user.id == user_id
end
end
end
end
end
So that you can use them like this:
user = User.find(user_id)
admin = User.find(admin_id)
= Authorization.new
= Authorization.new(user)
= Authorization.new(admin)
.allow?(:sessions, :new)
# => true
.allow?(:users, :show)
# => false
.allow?(:users, :show)
# => true
.allow?(:users, :show, user.id)
# => true
#allow
This is what you use to set permissions. It takes two parameters, group
and permissions
, and an optional block.
#allow?
This is what you use to check permissions. It takes a group
param, a permission
param, and an optional object
param to evaluate in the block. If the instance variable @allow_all
is set to true
it will always return true
.
License
MIT