Menace
POC for Active Storage blob authentication that's real simple to set up.
Credit rails/rails#41505 (comment)
Usage
First define the Menace::Current.resource
a Current attribute, inside your controller. This object is passed into the authorize_blob to authenticate the resource.
Setup your active storage model, for example:
class User < ApplicationRecord
has_one_attached :avatar
has_one_attached :cover_photo
has_many_attached :documents
end
Then define your authorization for the entire User class or for each attachment.
class User < ApplicationRecord
has_one_attached :avatar
has_one_attached :cover_photo
has_many_attached :documents
def authorize_blob?(accessor)
# your logic here or return true
true
end
end
When a blob of any of the types (avatar, cover_photo of documents) is accessed, it will be authorized.
To setup different authorization for different attachment types:
class User < ApplicationRecord
has_one_attached :avatar
has_one_attached :cover_photo
has_many_attached :documents
def authorize_blob_avatar?(accessor)
true
end
end
Or mix and match, note the fallback method is authorize_blob?
which is used in case a specific attachment method is not defined.
class User < ApplicationRecord
has_one_attached :avatar
has_one_attached :cover_photo
has_many_attached :documents
def authorize_blob_avatar?(accessor)
true
end
def authorize_blob_documents?(accessor)
false
end
def authorize_blob?(accessor)
true
end
end
Installation
Add this line to your application's Gemfile:
gem "menace"
And then execute:
$ bundle
Or install it yourself as:
$ gem install menace
Contributing
Contribution directions go here.
License
The gem is available as open source under the terms of the MIT License.