Permissify
Based on/inspired by CanCan <img src=“https://secure.travis-ci.org/ryanb/cancan.png” />
Permissify is an authorization library for Ruby on Rails which restricts what resources a given model (i.e. user) is, or combination of models (user and merchant) are, allowed to access.
Abilities are defined in a single location (the Ability
class).
If you wish to permissify users with a set of roles, you ‘permissify’ the roles class and you specify (through seeds, administration or some other mechanism) each role’s permissions for each ability.
Permissify expects a user to have many and belong to roles.
In the system which this gem was extracted, users where assigned many roles and businesses where are assigned many products (or, more accurately, product bundles), a dealer–corporation–brand–merchant hierarchy and a hierarchical product inheritance scheme existed.
In views, access to ability-restricted navigation was typically affected by checking, (example is for merchant user admin) ‘allowed_to?(:view, :merchant_user_admin)’.
Under the hood, at least one of the user’s roles must have permission to view merchant user admin AND at least one of the merchant’s products must also have permission to view merchant user admin.
Remember those Venn diagrams from 4th grade? Permissify is performing unions and intersections for you.
It also allows you to specify if a particular ability is only governed by a single model (just role, just product or both role and product).
Installation
In Rails 3, add this to your Gemfile and run the bundle
command.
gem "permissify"
Getting Started
Use the following to get started:
The permissify_example application
Wiki Docs
Project Status
Infancy?
Extracted from non-gem implementation of in-production ProfitSteams system.
Implemented sample application.
Motivated (cycles permitting) to facilitate/accommodate the next permissified application.
Questions or Problems?
If you have any issues with Permissify which you cannot find the solution to in the documentation, please add an issue on GitHub or fork the project and send a pull request.
If I have time, I’ll try to help.
Attributions
cancan : our team’s starting point in our authorization odyssey.
Conceptual articulation by Yaw Nyarko and Eric Rapp.