-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
47 lines (32 loc) · 1.55 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
RoleRequirement
===============
RoleRequirement is a limited-purpose authorization plugin for Rails apps. It performs controller-level authorization checks against a Roles table. No unit-level authorization is provided.
The design pattern bears an uncanny resemblance to DHH's SslRequirement plugin. That's because it's modeled after it (thanks DHH).
This plugin assumes that you have a User model that has_one Role. The Role model can look like anything as long as it has a #name attribute. It also looks for a current_user method in your controller.
to enable the plugin, include the RoleRequirement module in your ApplicationController.
Example
=======
class ApplicationController < ActiveRecord::Base
include RoleRequirement
end
class UsersController < ApplicationController
require_role :administrator, :new, :create, :edit, :update, :destroy
def index
# no authorization required
end
def new # create, edit, update, destroy
# Must be an administrator
end
end
class ArticlesController < ApplicationController
require_role [:administrator, :author], :index, :show, :new, :create, :edit, :update
def :index # show, new, create, edit, update
Must be an administrator or an author
end
end
Contributors
============
* Ryan Heneise
* Special thanks for David Heinemeier Hansson for the design pattern that this plugin follows.
Copyright (c) 2008 Ryan Heneise, released under the MIT license.
"Rails" and "Ruby on Rails", are trademarks of David Heinemeier Hansson. All rights reserved.