A port of this gem working on mongoid is now avaible.

Rails-Canhaz Build Status

This gem is a simple activerecord extention that allows any application using activerecord to manage permissions based roles.

Installation

Standard gem installation :

gem install rails-canhaz

Or in your Gemfile if you use bundler

gem 'rails-canhaz'

You then need to create a single table in order to make this gem to work

Here is the schema of this table, if you're using ruby on rails, you should create a migration :

create_table :can_haz_permissions do |t|
  t.integer :csubject_id
  t.string :csubject_type

  t.integer :cobject_id
  t.string :cobject_type

  t.string :permission_name
end

add_index :can_haz_permissions, :csubject_id, :name => 'subject_id_ix'
add_index :can_haz_permissions, :cobject_id, :name => 'object_id_ix'

Or you can run this command to automatically create one:

rails g can_haz:install

How to use it ?

The rails-canhaz gem defines two static functions for ActiveRecord models which allow them to act as a subject or an object.

A subject has roles on objects.

Here is an example

class User < ActiveRecord::Base
  acts_as_canhaz_subject
end

class Article < ActiveRecord::Base
  acts_as_canhaz_object
end

Now our models are marked as canhaz subjects and objects, we have access to some handy functions :

user = User.find(42)
user2 = User.find(21)

article = Article.find(1337)
article2 = Article.find(784)

user.can?(:read, article) # Can the user read this article? false for now

user.can!(:read, article) # Ok, so the user can read this article
user.can!(:edit, article) # He can edit it as well

user.can?(:read, article) # Will be true

user.objects_with_permission(Article, :read) # Will return all the articles w/ read permissions for this user

User.objects_with_permission([user, user2], :read) # Will return all the articles w/ read permissions for these users

article.subjects_with_permission(User, :read) # Will return all the users hat are able to read this article

Article.subjects_with_permission([article, article2], User, :read) # Will return all the users that are able to read theses articles

#You can also remove permissions

user.cannot!(:read, article)

# Version 1.0.0 introduces global permissions :

user.can?(:haz_cheezburgers) # false

user.can!(:haz_cheezburgers)

user.can?(:haz_cheezburgers) # true

Changelog

  • 1.0.0 (hurray !):
    • Removing can and cannot deprecated functions (renamed to can! and cannot!)
    • Adding global permissions for subjects
  • 0.4.1 :
    • Adding a rails migration generator thanks to Awea
  • 0.4.0 :
    • Aliasing can to can! and deprecating can
    • Aliasing cannot to cannot! and deprecating cannot
  • 0.3.0 :
    • Removing rights from the database before destroying a subject or object model