Permissify

Based on/inspired by CanCan <img src=“https://secure.travis-ci.org/ryanb/cancan.png” />

Wiki | RDocs

Permissify is an authorization library for Ruby on Rails which restricts what resources a given model (i.e. user) is, or combination of models (user and merchant) are, allowed to access.

Abilities are defined in a single location (the Ability class).

If you wish to permissify users with a set of roles, you ‘permissify’ the roles class and you specify (through seeds, administration or some other mechanism) each role’s permissions for each ability.

Permissify expects a user to have many and belong to roles.

In the system which this gem was extracted, users where assigned many roles and businesses where are assigned many products (or, more accurately, product bundles), a dealer–corporation–brand–merchant hierarchy and a hierarchical product inheritance scheme existed.

In views, access to ability-restricted navigation was typically affected by checking, (example is for merchant user admin) ‘allowed_to?(:view, :merchant_user_admin)’.

Under the hood, at least one of the user’s roles must have permission to view merchant user admin AND at least one of the merchant’s products must also have permission to view merchant user admin.

Remember those Venn diagrams from 4th grade? Permissify is performing unions and intersections for you.

It also allows you to specify if a particular ability is only governed by a single model (just role, just product or both role and product).

Installation

In Rails 3, add this to your Gemfile and run the bundle command.

gem "permissify"

Getting Started

Use the following to get started:

The permissify_example application

The Usage WIKI

Wiki Docs

Project Status

Infancy?

Extracted from non-gem implementation of in-production ProfitSteams system.

Implemented sample application.

Motivated (cycles permitting) to facilitate/accommodate the next permissified application.

Questions or Problems?

If you have any issues with Permissify which you cannot find the solution to in the documentation, please add an issue on GitHub or fork the project and send a pull request.

If I have time, I’ll try to help.

Attributions

cancan : our team’s starting point in our authorization odyssey.

Conceptual articulation by Yaw Nyarko and Eric Rapp.