Project

may_may

0.0
No commit activity in last 3 years
No release in over 3 years
may_maywithout/may_mayHomepageDocumentationSource CodeBug TrackerWiki
Manage controller/action permissions easily in Rails. Returns 403 (Access Denied) unless current user has permission to perform the requested controller action. Easy syntax for use in views to check permission: may?(:action, :controller). Source at https://github.com/without/may_may.git
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
 Popularity
Downloads
11,328
Stars
2
Forks
1
Watchers
0
 Releases
Current version
0.0.3
Total releases
3
First release
2012-07-19
Latest release
2012-07-19
 Pull Requests
Open Pull Requests
1
Closed Pull Requests
1
Merged Pull Requests
2
Pull Request Acceptance Rate
50%
 Development
Primary Language
Ruby
Average date of last 50 commits
2016-02-06
Reverse Dependencies
0

 Dependencies

Development

sqlite3
>= 0

Runtime

rails
>= 3.2.2
 Project Readme

MayMay

Installation

gem install may_may

Usage

MayMay automatically restricts access to actions on all controllers and then allows you to specify permitted actions. Because an action is restricted by default, you will never accidentally allow all users access to a new action that should have been restricted. Permitted actions are all listed in one place (a May model) for ease of maintenance.

No need to name roles in your views

Simplify your views. Show/hide view elements based on intended action instead of current user's roles:

<% may? (:edit, :people) do %>
  <%= link_to 'only visible if user may edit people', edit_people_path %>
<% end %>

Create a model named "may":

# in app/models/may.rb

class May
  May.permission_setup do
    controller :people do
      may :index # anyone can execute the index action
      may :create, :only => [:administrator] # only the administrator may create a person
      may :edit, :except => [:guest] # everyone except guests may edit a person
      may [:new, :update] do
        # return true to allow these actions
        # block executed in controller's scope
      end
    end # :destroy was never mentioned and so is not permitted for anyone
  end
end

Add a role_names method to your User object

Here is a simple example setup:

# in app/models/role.rb

class Role
  # roles table should have a "name" column
end

# in app/models/user_role.rb

class UserRole
  has_many :roles
end

# in app/models/user.rb

class User
  has_many :user_roles
  has_many :roles, through: :user_roles

  def role_names
    roles.map {|role| role.name.to_sym }
  end
end

# in app/controllers/application_controller.rb

class ApplicationController < ActionController::Base
  def current_user
    @current_user ||= User.find(session[:user_id]) rescue nil
  end

  def current_user=(value)
    value ? session[:user_id] = value.id : session.delete(:id)
    @current_user = value
  end
end

The important thing is to return an array of roles that can be matched against the roles specified in your May model. Your array may contain whatever types you'd like -- strings, symbols, models. Symbols are probably most readable, however, hence the example above.

You could instead define permissions within the controller itself:

class UsersController
  may :index, only: [:some, :roles]
  may :show, method: [:may_show?]
end

In more depth

MayMay adds a few methods to ActionController::Base:

*** may (class method)

Define permissions in your controller instead of May model. Shortcut for May.may(self, ...)

Usage:

class SomeController < ApplicationController
  may :index, except: [:this_role]
end

*** current_roles

Returns current_user.role_names or empty array if current_user returns nil or is missing

*** has_role?

Check current_roles for a specific role.

Usage: if has_role? :some_role

*** may? (helper method)

Check for permission to perform an action.

Usage: if may? :action_name, :controller_name

Licence

MIT-LICENSE