Project

menace

0.0
No release in over a year
Make it easier to authenticate Active Storage blobs.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

~> 2.0
~> 1.4

Runtime

>= 7.0.4
 Project Readme

Menace

POC for Active Storage blob authentication that's real simple to set up.

Credit rails/rails#41505 (comment)

Usage

First define the Menace::Current.resource a Current attribute, inside your controller. This object is passed into the authorize_blob to authenticate the resource.

Setup your active storage model, for example:

class User < ApplicationRecord
  has_one_attached :avatar
  has_one_attached :cover_photo
  has_many_attached :documents
end

Then define your authorization for the entire User class or for each attachment.

class User < ApplicationRecord
  has_one_attached :avatar
  has_one_attached :cover_photo
  has_many_attached :documents

  def authorize_blob?(accessor)
    # your logic here or return true
    true
  end
end

When a blob of any of the types (avatar, cover_photo of documents) is accessed, it will be authorized.

To setup different authorization for different attachment types:

class User < ApplicationRecord
  has_one_attached :avatar
  has_one_attached :cover_photo
  has_many_attached :documents

  def authorize_blob_avatar?(accessor)
    true
  end
end

Or mix and match, note the fallback method is authorize_blob? which is used in case a specific attachment method is not defined.

class User < ApplicationRecord
  has_one_attached :avatar
  has_one_attached :cover_photo
  has_many_attached :documents

  def authorize_blob_avatar?(accessor)
    true
  end

  def authorize_blob_documents?(accessor)
    false
  end

  def authorize_blob?(accessor)
    true
  end
end

Installation

Add this line to your application's Gemfile:

gem "menace"

And then execute:

$ bundle

Or install it yourself as:

$ gem install menace

Contributing

Contribution directions go here.

License

The gem is available as open source under the terms of the MIT License.