guachiman

Minimal authorization library inspired by RailsCast #385 Authorization from Scratch by Ryan Bates.

Guachiman allows you to store authorization rules as a tree of permissions nested within groups. A permission can be either true or a block that takes an object; when it is a block, the permission is the result of evaluating that block.

Upgrading to ~> 1.0.0

Starting with version 1.0.0, all Rails-specific code and support has been removed. A new gem called guachiman-rails will be the recommended way to use Guachiman with Rails.

Installation

Add this line to your application's Gemfile:

gem 'guachiman'

And then execute:

$ bundle

Or install it directly:

$ gem install guachiman

Usage

Describe your authorization objects in this way:

class Authorization
  include Guachiman

  def initialize(user = nil)
    allow :sessions, [:new, :create]

    if user
      if user.admin?
        @allow_all = true
      else
        allow :users, [:show, :edit, :update] do |user_id|
          user.id == user_id
        end
      end
    end
  end
end

So that you can use them like this:

user  = User.find(user_id)
admin = User.find(admin_id)

guest_authorization  = Authorization.new
user_authorization   = Authorization.new(user)
admin_authorization  = Authorization.new(admin)

guest_authorization.allow?(:sessions, :new)
# => true

user_authorization.allow?(:users, :show)
# => false

admin_authorization.allow?(:users, :show)
# => true

user_authorization.allow?(:users, :show, user.id)
# => true

#allow

This is what you use to set permissions. It takes two parameters, group and permissions, and an optional block.

#allow?

This is what you use to check permissions. It takes a group param, a permission param, and an optional object param that is passed to the block for evaluation. If the instance variable @allow_all is set to true, allow? always returns true.
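
The policy from the Usage section checked against a table of expected decisions, negative cases included. This is an added example, not the gem's own code: MiniGuachiman is a hypothetical stand-in written from the description in this README (it assumes a block rule checked without an object is denied, matching the `# => false` result above), and User, ALICE, ROOT and the matrix are constructed.

```ruby
# Hypothetical stand-in written from this README; it is not the gem's source.
module MiniGuachiman
  # Store each permission under its group as `true` or as the given block.
  def allow(group, permissions, &block)
    group_rules = ((@rules ||= {})[group] ||= {})
    Array(permissions).each { |permission| group_rules[permission] = block || true }
  end

  # Deny by default. Assumption: a block rule checked without an object is denied.
  def allow?(group, permission, object = nil)
    return true if @allow_all
    rule = (@rules || {}).fetch(group, {})[permission]
    rule == true || (rule.respond_to?(:call) && !object.nil? && !!rule.call(object))
  end
end

# Constructed user type and sample users.
User = Struct.new(:id, :admin) { alias_method :admin?, :admin }
ALICE = User.new(1, false)
ROOT  = User.new(2, true)

# The policy from the Usage section.
class Authorization
  include MiniGuachiman
  def initialize(user = nil)
    allow :sessions, [:new, :create]
    return unless user
    if user.admin?
      @allow_all = true
    else
      allow(:users, [:show, :edit, :update]) { |user_id| user.id == user_id }
    end
  end
end

# Constructed matrix: [subject, group, permission, object, expected]
POLICY_MATRIX = [
  [:guest, :sessions, :new,     nil, true],
  [:guest, :users,    :show,    1,   false], # no rule for guests
  [:user,  :users,    :show,    nil, false], # block rule, no object
  [:user,  :users,    :show,    1,   true],  # own record
  [:user,  :users,    :update,  2,   false], # someone else's record
  [:admin, :users,    :destroy, 1,   true]   # @allow_all skips every rule
].freeze

def policy_failures # rows whose actual decision differs from the expected one
  subjects = { guest: Authorization.new, user: Authorization.new(ALICE), admin: Authorization.new(ROOT) }
  POLICY_MATRIX.reject { |who, group, perm, obj, want| subjects[who].allow?(group, perm, obj) == want }
end
```

To run the same matrix against the gem, swap `include MiniGuachiman` for `include Guachiman`; any row that then fails marks a place where the gem differs from this stand-in's assumptions.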

License

MIT