Restrict
A rails controller extension, that gives you the possibility to restrict access to your controller actions.
Installation
gem 'restrict'
Compatibility
Works with rails 3+ (tested until 6) and ruby 2+ (tested until 3.0).
Usage
class GoodiesController < ApplicationController
restrict :take
restrict :delete, unless: :goodie_manager?
def take
# Grab a goodie
end
def delete
# Remove all the goodies
end
private
def goodie_manager?
# Your domain implementation
end
end
What that does:
- Any anonymous access to one of both methods will raise
Restrict::LoginRequired
- If
user_signed_in?
the access to take is allowed - If
user_signed_in?
butgoodie_manager?
returns false, thenRestrict::AccessDenied
will be raised - If
user_signed_in?
andgoodie_manager?
is true, the access is allowed
Restrict all actions
restrict
This one will apply to all actions on this controller. It takes the unless
option as well.
Restrict with specific object
One may pass on
to a restrict
call in a controller.
If on
is set, it evaluates the given method.
If it returns nil, it raises an error.
If an object is returned, it will be send while evaluating the unless
condition.
Example
class ItemController
restrict :show, unless: :manager_of?, on: :load_item
# read like: manager_of?(load_item), but obviously evaluated at runtime
def show
end
private
def manager_of?(item)
current_user == item.manager
end
def load_item
@item = Item.find(params[:id])
end
end
Aliases for on
are: of
, object
Configuration
# Default is :user_signed_in?
Restrict.config.authentication_validation_method = :admin_session_exists?
You may set the method that is used to figure out whether a user is signed in or not to whatever you like, however it's default is :user_signed_in?
which is the most common (devise) method in use.
Inheritance
A controller will respect all restrictions that are applied to its ancestors.
You may implement a set of rules in a BaseController
and refine them in subclasses later on.
Please note: it is not possible yet to revert previously added restrictions, that means
if a restriction on show
is added in a class and another one in the subclass BOTH apply.
Contributing
You know how this works (WTFPL) and bonus points for feature branches!