0.0
No commit activity in last 3 years
No release in over 3 years
Very simple authorization solution with no depedencies. Each permission is stored in its class and authorizations are given through a two methods interface.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

>= 0.2.20
 Project Readme

ActiveControl¶ ↑

ActiveControl is a very simple authorization solution with no dependencies. Each rule is stored in the class that grant permission. Other object can then check if they have access to a specific action via the can? method (or via cannot?).

Install¶ ↑

gem install active_control

Usage¶ ↑

The first thing to do is to include ActiveControl::Ability in the object which needs to check if it can perform an action on another object.

class User
  include ActiveControl::Ability
end

At the other end include ActiveControl::Authorization in the object that will give its “blessing” or not based on some internal rules defined by you. Rules are just normal methods you have to defined at the instance-level with a specific name. E.g. if an instance of the User:Class wants to update another object you have to define authorize_user_to_update? and make it returns a boolean.

class Page
  include ActiveControl::Authorization

  ...

  def authorize_user_to_update?(user)
    user.id == self.user_id
  end
end

Then you can do something like this

if @user.can? :update, @page
  @page.update_attributes(params[:page])
else
  ...
end

And that’s it. Simple uh!