CanField

CanCan provides only model-level permissions. This gem adds field-based permissions to CanCan using the strong_parameters gem.

Warning! The gem currently doesn't support any nested logic!

Installation

Add this line to your application's Gemfile:

gem 'can_field'

And then execute:

$ bundle

Or install it yourself as:

$ gem install can_field

Usage

ability.rb

You now have a new method for your ability.rb file:

canf(actions, target, fields)

# example usage

canf :update, Book, [:title, :description]
canf [:create, :update], Shelf, [:position]

This method invokes the standard can method with the given actions and target, and generates additional rules that restrict field access (:_cf_action_fl_field, for example).

In controller

There is a controller class method that provides integration with load_and_authorize_resource. Just add permit_can_field_constraints right after the load_and_authorize_resource call, like this:

class BooksController < ApplicationController
  load_and_authorize_resource
  permit_can_field_constraints

  # ...

end

Helpers

In controllers and views you can use the helpers canf? and allowed_fields_for:

allowed_fields_for(action, subject) # returns the list of available fields, or [:all] if there are no restrictions
allowed_fields_for :create, Book # as example

canf?(action, subject, field) # like can?, but also looks for field restrictions
canf? :update, Book, :title # as example 
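
The [:all] fallback and the flat-field limitation described above, modelled in plain Ruby as an added example (not CanField's own code). FieldAbility, its filter method and the Book/Shelf stand-ins are hypothetical; only the names and argument order of canf, canf? and allowed_fields_for come from this README.

```ruby
# Plain-Ruby model of field-level rules (hypothetical FieldAbility class).
# Not CanField's implementation; needs neither Rails nor CanCan.
Book  = Class.new # stand-ins for ActiveRecord models
Shelf = Class.new
class FieldAbility
  def initialize
    @actions = Hash.new { |h, k| h[k] = [] } # subject => permitted actions
    @fields  = Hash.new { |h, k| h[k] = [] } # [action, subject] => fields
  end

  # Model-level rule only (like CanCan's can): no field restriction recorded.
  def can(actions, subject)
    Array(actions).each { |a| @actions[subject] |= [a] }
  end

  # Field-level rule with the README's canf(actions, target, fields) shape.
  def canf(actions, subject, fields)
    can(actions, subject)
    Array(actions).each { |a| @fields[[a, subject]] |= fields.map(&:to_sym) }
  end

  # Field list, [:all] when no field rule exists, [] when the action is denied.
  def allowed_fields_for(action, subject)
    return [] unless @actions[subject].include?(action)
    @fields.key?([action, subject]) ? @fields[[action, subject]] : [:all]
  end

  def canf?(action, subject, field)
    allowed = allowed_fields_for(action, subject)
    allowed == [:all] || allowed.include?(field.to_sym)
  end

  # Allowlist filter for a flat params hash. With a field rule in place, nested
  # hashes/arrays are dropped, as strong_parameters' permit(:key) does.
  def filter(action, subject, params)
    allowed = allowed_fields_for(action, subject)
    return params.dup if allowed == [:all]
    params.select do |key, value|
      allowed.include?(key.to_sym) && !value.is_a?(Hash) && !value.is_a?(Array)
    end
  end
end

ABILITY = FieldAbility.new
ABILITY.canf :update, Book, [:title, :description]
ABILITY.can  :create, Book
# Constructed request parameters, including a field the client should not set.
SAMPLE = { "title" => "Dune", "price" => 0, "description" => { "x" => 1 } }.freeze
p ABILITY.filter(:update, Book, SAMPLE), ABILITY.filter(:create, Book, SAMPLE)
```

In this model, an action granted without a field rule resolves to [:all], so every submitted attribute passes through; actions that accept user input need their own canf rule to be restricted.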

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request