Privileged

Privileged provides simple, explicit permissions/authorization for your User-ish classes in only about 10 lines of code. It was inspired by canable and cancan, but attempts to be less magical, defaults defined privileges to false, allows flexible naming, works inside or outside of Rails, does not deal with the controller or rely on current_user, and supports the multiple roles (or models/scopes) structure of devise.

Example Usage

class User

  extend Privileged::Actor
  privilege :can_create?, :creatable_by?
  privilege :can_view?, :viewable_by?, :default => true
  privilege :can_update?, :updatable_by?
  privilege :can_destroy?, :destroyable_by?
  privilege :some_ability?, :some_ability_by_user?

end

class Page

  def creatable_by?(user)
    user.moderator || user.age > 20
  end

  def updatable_by?(user)
    user.moderator
  end

end

…in the console…

@user = User.new
@page = Page.new

@user.can_create?(Page.new) # false
@user.age = 30
@user.can_create?(Page.new) # true

@user.can_view?(@page) # true - This method first looked for a :viewable_by? method on the @page - finding none, it looked for the :default option, which we set to true - Undefined methods default to false

@user.can_update?(@page) # false
@user.moderator = true
@user.can_update?(@page) # true

@user.can_destroy?(@page) # false - even though :destroyable_by? is not defined in the Page class, undefined methods default to false - This can be overridden via the :default option

@user.some_ability?(@page) # false - use any naming convention you like

Copyright © 2010 David Baldwin. See LICENSE.txt for further details.