Project

aclize

0.0
No commit activity in last 3 years
No release in over 3 years
aclizeserioja90/aclizeHomepageDocumentationSource CodeBug TrackerWiki
This gem allows you to define an ACL (Access Control List) for your Ruby on Rails application. It is simple to use and allows you to define access permissions for controllers, actions an paths.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
18,212
Stars
2
Forks
0
Watchers
3
 Releases
Current version
1.0.1
Total releases
6
First release
2015-11-19
Latest release
2020-05-22
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2016-06-19
Reverse Dependencies
0

 Dependencies

Development

rake
>= 12.0, < 14

Runtime

actionpack
>= 5.0, < 7
i18n
~> 1.0
 Project Readme

Aclize

Build Status

Aclize is a Ruby gem that allows you to easily define an ACL (Access Controll List) to controllers and paths of your Ruby on Rails application.

Installation

Add this line to your application's Gemfile:

gem 'aclize'

And then execute:

$ bundle install

Or install it yourself as:

$ gem install aclize

Usage

The Aclize gem will automatically load and will wrap ActionController::Base, in order to allow you to define the ACL rules from inside of your ApplicationController or any other controller that inherits from it.

Here is an example of how to use Aclize in your project:

class ApplicationController < ActionController::Base
  before_filter :setup_acl

  protected

  def setup_acl

    # define ACL for :admin
    acl_for :admin do
      controllers do
        permit "*" # permit to access any action of any controller
      end
    end

    # define acl for :user
    acl_for :user do
      controllers do
        permit :posts, only: [:index, :show]                  # users can access only :index and :show actions of :posts controller
        permit :comments, except: [:edit, :update, :destroy]  # can also access all the actions of :comments controller, except for :edit, :update and :destroy actions
      end

      paths do
        permit "path/[a-c]", "path/[0-9]+"    # permit :user to access "path/a", "path/b", "path/c" and "path/<a digit>"
        deny   "path/b"                       # deny the access to "path/b"
      end
    end

    set_current_role(current_user.role) # assuming that current_user is returning an object representing the current user
    filter_access! # apply the ACL for the current user
  end
end

IMPORTANT: you have to tell Aclize what is the role of the current user by calling set_current_role(<ROLE>) method, because if you don't specify any role, the default role :all will be used.

Once you've defined the ACL, Aclize will automatically manage the access control and will render the 403 Forbidden page when the user doesn't have enough permissions to access it.

Customizing 403 Page

If you need to customize the 403 Forbidden page, you could use the if_unauthorized helper for storing a callback, that will be executed when the access was denied to a user:

class ApplicationController < ActionController::Base
  if_unauthorized do
    respond_to do |format|
      format.html { render 'custom/403', disposition: 'inline', status: 403 }
    end
  end

  before_filter :setup_acl

  protected

  def setup_acl
    # YOUR ACL DEFINITION
  end
end

Contributing

  1. Fork it ( https://github.com/serioja90/aclize/fork )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request