guachiman

Minimal authorization library inspired by RailsCast #385 Authorization from Scratch by Ryan Bates.

Guachiman allows you to store authorization rules as a tree of permissions nested within groups. Permissions can be either true or a block that takes an object. In that case the permission will be the result of the block evaluation.

Add this line to your application's Gemfile:

gem 'guachiman'

And then execute:

$ bundle

Or install it directly:

$ gem install guachiman

Describe your authorization objects in this way:

class Authorization
  include Guachiman

  def initialize(user = nil)
    allow :sessions, :new, :create

    allow :users, :show, :edit, :update do |user_id|
      user && user.id == user_id
    end
  end
end

So that you can use them like this:

user  = User.find(user_id)

guest_authorization = Authorization.new
user_authorization  = Authorization.new(user)

guest_authorization.allow?(:sessions, :new)
# => true

user_authorization.allow?(:users, :show)
# => false

user_authorization.allow?(:users, :show, user.id)
# => true

This is what you use to set permissions. It takes two parameters, group and permissions, and an optional block.

This is what you use to check permissions. It takes a group param, a permission param, and an optional object param to evaluate in the block.

MIT