A port of this gem working on Mongoid is now available.
This gem is a simple ActiveRecord extension that allows any application using ActiveRecord to manage permission-based roles.
Installation
Standard gem installation:
gem install rails-canhaz
Or in your Gemfile if you use Bundler:
gem 'rails-canhaz'
You then need to create a single table for this gem to work.
Here is the schema of this table. If you're using Ruby on Rails, you should create a migration:
create_table :can_haz_permissions do |t|
  t.integer :csubject_id
  t.string :csubject_type
  t.integer :cobject_id
  t.string :cobject_type
  t.string :permission_name
end
add_index :can_haz_permissions, :csubject_id, :name => 'subject_id_ix'
add_index :can_haz_permissions, :cobject_id, :name => 'object_id_ix'
Or you can run this command to automatically create one:
rails g can_haz:install
How to use it?
The rails-canhaz gem defines two class-level methods for ActiveRecord models which allow them to act as a subject or an object.
A subject has roles on objects.
Here is an example:
class User < ActiveRecord::Base
  acts_as_canhaz_subject
end
class Article < ActiveRecord::Base
  acts_as_canhaz_object
end
Now that our models are marked as canhaz subjects and objects, we have access to some handy functions:
user = User.find(42)
user2 = User.find(21)
article = Article.find(1337)
article2 = Article.find(784)
user.can?(:read, article) # Can the user read this article? false for now
user.can!(:read, article) # Ok, so the user can read this article
user.can!(:edit, article) # He can edit it as well
user.can?(:read, article) # Will be true
user.objects_with_permission(Article, :read) # Will return all the articles w/ read permissions for this user
User.objects_with_permission([user, user2], :read) # Will return all the articles w/ read permissions for these users
article.subjects_with_permission(User, :read) # Will return all the users that are able to read this article
Article.subjects_with_permission([article, article2], User, :read) # Will return all the users that are able to read these articles
# You can also remove permissions
user.cannot!(:read, article)
# Version 1.0.0 introduces global permissions:
user.can?(:haz_cheezburgers) # false
user.can!(:haz_cheezburgers)
user.can?(:haz_cheezburgers) # true
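The following added example (not the gem's own code) models the can_haz_permissions table in memory to show what the calls above mean at the row level: a check is default-deny, it must match the type columns as well as the ids so that two models sharing an id never share a grant, and grants are purged when a record goes away. PermissionTable, Record and purge are hypothetical names, and storing a global permission with empty object columns is an assumption.

```ruby
# Added illustration, not the gem's code. PermissionTable and Record are hypothetical names.
require 'set'

Record = Struct.new(:type, :id) # stands in for a model row: class name + primary key

class PermissionTable
  def initialize
    # Row layout follows the migration:
    # [csubject_type, csubject_id, cobject_type, cobject_id, permission_name]
    @rows = Set.new
  end

  # Grant. object = nil models a global permission (assumption: empty object columns).
  def can!(subject, permission, object = nil)
    @rows.add(row(subject, permission, object))
    true
  end

  # Default deny: true only when a row matches on type AND id for both sides.
  def can?(subject, permission, object = nil)
    @rows.include?(row(subject, permission, object))
  end

  # Revoke. Returns true if a grant existed.
  def cannot!(subject, permission, object = nil)
    !@rows.delete?(row(subject, permission, object)).nil?
  end

  # Ids of objects of object_type on which subject holds permission.
  def objects_with_permission(subject, object_type, permission)
    @rows.select do |st, sid, ot, _oid, name|
      [st, sid, ot, name] == [subject.type, subject.id, object_type, permission.to_s]
    end.map { |r| r[3] }.sort
  end

  # Remove every grant naming the record as subject or object, so no rows
  # outlive it (the cleanup the 0.3.0 changelog entry describes).
  def purge(record)
    key = [record.type, record.id]
    @rows.delete_if { |st, sid, ot, oid, _name| [st, sid] == key || [ot, oid] == key }
  end

  private

  def row(subject, permission, object)
    [subject.type, subject.id, object&.type, object&.id, permission.to_s]
  end
end
```

Without the purge step, a new record that reuses a deleted record's id would inherit its old grants.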
Changelog
- 1.0.0 (hurray!):
  - Removing can and cannot deprecated functions (renamed to can! and cannot!)
  - Adding global permissions for subjects
- 0.4.1:
  - Adding a rails migration generator thanks to Awea
- 0.4.0:
  - Aliasing can to can! and deprecating can
  - Aliasing cannot to cannot! and deprecating cannot
- 0.3.0:
  - Removing rights from the database before destroying a subject or object model