id_please

ID Please is an authorization system for any system using ActiveRecord. It is a role-based solution, but is meant to be fairly robust, support assigning roles to users and groups, with unlimited levels of nesting of users and groups. While documentation is scant, all methods should be tested as of now.

Implementation

The current set of models, and the method to include:

User and Groups can be the subject of a role by assigning them.. Each role has a name, and can refer to an object, or be global.

One specified name for roles is privileged (by default “Member”). If a subject is assigned to be a “Member” of another group, then when the subject is checked for whether it has a role, it checks both itself and all parent groups for whether it passes.

  • User: acts_as_authorization_subject

  • Group: acts_as_authorization_group

  • Assignment: acts_as_authorization_assignment

  • Role: acts_as_authorization_role

  • Object (can have roles): acts_as_authorization_object

By default, users can belong to groups, and those groups can have groups as well. This makes the checking db-query intensive (n+1 queries, where n is the number of level of parent groups for the current user). While these queries are quick, you can disable groups (and group nesting), to cut down on this. (currently not fully tested, use at own risk.)

Areas for improvement

  • Better documentation

  • Fast query of infinite level groups via optional cache table

  • Testing to see whether or not non-standard names work.

  • Using memoization to lower number of queries.

  • Using a config file to enable easier setup of all models

  • Building in permissions support

Thanks to

A great deal of thanks must be given to acl9, and oleg dashevskii, which provided a lot of the initial inspiration for this and some of the code.

Note on Patches/Pull Requests

  • Fork the project.

  • Make your feature addition or bug fix.

  • Add tests for it. This is important so I don’t break it in a future version unintentionally.

  • Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)

  • Send me a pull request. Bonus points for topic branches.

Copyright © 2010 James Stuart. See LICENSE for details.