Skip to content
This repository has been archived by the owner on Dec 19, 2023. It is now read-only.
/ existential Public archive

The absolute minimum to enable authorization in Rails

License

MIT license
22 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

capotej/existential

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
lib
lib
 
 
rails
rails
 
 
tasks
tasks
 
 
test
test
 
 
MIT-LICENSE
MIT-LICENSE
 
 
README.markdown
README.markdown
 
 
Rakefile
Rakefile
 
 
install.rb
install.rb
 
 
uninstall.rb
uninstall.rb
 
 

Repository files navigation

Existential

The absolute minimum to handle custom fine grained authorization in Rails

Installation

From your rails directory

script/plugin install git://github.com/capotej/existential.git

Example Usage

Then you can just use it like so: # specify the thoughtful class class User < ActiveRecord::Base is_existential end

# allow_(action)_for? methods will get the user passed in
class Post < ActiveRecord::Base
  def allows_edit_for?(user)
    # your crazy auth rules here, in the model where they belong
    if self.user_id == user.id
      true
    else
      false
    end
  end
end

# your thoughtful class will have a can? method that works like so
class PostController < ActionController::Base
  def edit
    @post = Post.find(params[:id)
   	if current_user.can?(:edit, @post)
      # render the view          
    else
      # raise an exception, yell at the user, whatever
    end
  end
end

Thanks

Thanks to Nick Kallen for his excellent post on this pattern, which inspired this plugin

License

Copyright (c) 2010 Julio Capote, released under the MIT license

About

The absolute minimum to enable authorization in Rails

Resources

Readme

License

MIT license
Activity

Stars

22 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages