restrict
No release in over 3 years
Low commit activity in last 3 years
Simple access control DSL for controllers
Dependencies

Development

Runtime: > 3.0

Project Readme

Restrict

A Rails controller extension that lets you restrict access to your controller actions.


Installation

gem 'restrict'

Compatibility

Works with Rails 3+ (tested up to 6) and Ruby 2+ (tested up to 3.0).

Usage

class GoodiesController < ApplicationController
  restrict :take
  restrict :delete, unless: :goodie_manager?

  def take
    # Grab a goodie
  end

  def delete
    # Remove all the goodies
  end

  private

  def goodie_manager?
    # Your domain implementation
  end
end

What that does:

  1. Any anonymous access to either action raises Restrict::LoginRequired.
  2. If user_signed_in? is true, access to take is allowed.
  3. If user_signed_in? is true but goodie_manager? returns false, Restrict::AccessDenied is raised.
  4. If user_signed_in? and goodie_manager? are both true, access to delete is allowed.

Restrict all actions

restrict

A bare restrict applies to every action on the controller. It accepts the unless option as well.

Restrict with specific object

You may pass the on option to a restrict call in a controller.

If on is set, the named method is called first. If it returns nil, an error is raised. Otherwise the returned object is passed as the argument to the unless method when that condition is evaluated.

Example

class ItemController < ApplicationController
  restrict :show, unless: :manager_of?, on: :load_item
  # read as: manager_of?(load_item), but evaluated at request time

  def show
  end

  private

  def manager_of?(item)
    current_user == item.manager
  end

  def load_item
    @item = Item.find(params[:id])
  end
end

Aliases for on are of and object.

Configuration

# Default is :user_signed_in?
Restrict.config.authentication_validation_method = :admin_session_exists?

You may set the method used to decide whether a user is signed in to whatever you like; its default is :user_signed_in?, the most common (Devise) helper in use.

Inheritance

A controller will respect all restrictions that are applied to its ancestors.

You may implement a set of rules in a BaseController and refine them in subclasses later on.

Please note: it is not yet possible to revert a restriction added by an ancestor. If a restriction on show is added in a class and another one in a subclass, BOTH apply.
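The rules described in the Usage, Restrict with specific object, Configuration and Inheritance sections above, modeled in plain Ruby as an added example. This is not the restrict gem's code and it loads neither Rails nor the gem; it reimplements the documented decision table (anonymous request, signed in with predicate true or false, on: returning nil, rules stacked across a class hierarchy) so the outcomes can be exercised offline. The module name RestrictDemo, the include-based wiring, the enforce_restrictions! and dispatch helpers, the ObjectNotFound error (the README only says a nil on: object "raises an error"), and the sample controllers, users and items are all assumptions made for this example.

```ruby
# Added example: a plain-Ruby model of the rules this README describes. It is not
# the restrict gem and loads no Rails; RestrictDemo, the include-based wiring, the
# enforce_restrictions!/dispatch helpers and ObjectNotFound are assumed names.
module RestrictDemo
  class LoginRequired  < StandardError; end
  class AccessDenied   < StandardError; end
  class ObjectNotFound < StandardError; end  # assumed name for "on: returned nil"

  # Mirrors Restrict.config.authentication_validation_method (default :user_signed_in?).
  class << self; attr_accessor :authentication_validation_method; end
  self.authentication_validation_method = :user_signed_in?

  # One restrict declaration; actions == :all means every action on the controller.
  Rule = Struct.new(:actions, :unless_method, :on_method) do
    def applies_to?(action); actions == :all || actions.include?(action); end
  end

  module ClassMethods
    # restrict :take, :delete, unless: :pred?, on: :loader  (of: / object: alias on:)
    def restrict(*actions, **opts)
      on = opts[:on] || opts[:of] || opts[:object]
      own_restrictions << Rule.new(actions.empty? ? :all : actions, opts[:unless], on)
    end
    def own_restrictions; @own_restrictions ||= []; end

    # Ancestor rules always apply; a subclass can add rules but never revert one.
    def restrictions
      inherited = superclass.respond_to?(:restrictions) ? superclass.restrictions : []
      inherited + own_restrictions
    end
  end
  def self.included(base); base.extend(ClassMethods); end

  # Stand-in for the gem's before filter. It fails closed: the login check runs
  # before any predicate, and a nil on: object is an error, not a silent allow.
  def enforce_restrictions!(action)
    rules = self.class.restrictions.select { |r| r.applies_to?(action) }
    return if rules.empty?
    raise LoginRequired unless send(RestrictDemo.authentication_validation_method)
    rules.each do |rule|
      next if rule.unless_method.nil?   # bare `restrict :x` only requires a login
      allowed = if rule.on_method
                  object = send(rule.on_method)
                  raise ObjectNotFound, "#{rule.on_method} returned nil" if object.nil?
                  send(rule.unless_method, object)
                else
                  send(rule.unless_method)
                end
      raise AccessDenied, "#{action} denied" unless allowed
    end
  end
end

# Constructed sample controllers and data (no Rails); current_user stands in for
# the Devise helper behind the default :user_signed_in?.
User = Struct.new(:name, :goodie_manager)
Item = Struct.new(:id, :manager)

class ApplicationController
  include RestrictDemo
  attr_accessor :current_user, :params
  def user_signed_in?; !current_user.nil?; end
end

class GoodiesController < ApplicationController
  restrict :take
  restrict :delete, unless: :goodie_manager?
  def take;   :took;    end
  def delete; :deleted; end
  private
  def goodie_manager?; current_user.goodie_manager; end
end

class StrictGoodiesController < GoodiesController
  restrict :take, unless: :goodie_manager?  # stacks on the inherited restrict :take
end

class ItemsController < ApplicationController
  restrict :show, unless: :manager_of?, on: :load_item
  def show; :shown; end
  private
  def manager_of?(item); current_user.name == item.manager; end
  def load_item                         # constructed lookup: only item 1 exists
    @item = params[:id] == 1 ? Item.new(1, "alice") : nil
  end
end

# Run the filter and then the action, as a request would; return the error class
# instead of raising so the outcomes can be compared directly.
def dispatch(controller, action, user: nil, params: {})
  controller.current_user = user
  controller.params = params
  controller.enforce_restrictions!(action)
  controller.public_send(action)
rescue RestrictDemo::LoginRequired, RestrictDemo::AccessDenied, RestrictDemo::ObjectNotFound => e
  e.class
end
```

Two properties of the model are worth checking against whatever you deploy: the login check runs before any predicate or on: loader, so an anonymous request never reaches Item.find and cannot be used to probe which ids exist, and a loader that returns nil ends in an error rather than an allow. Because subclass rules only ever add to inherited ones, put the loosest rules in the base controller and tighten in subclasses, never the other way round.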

Contributing

You know how this works (WTFPL), and bonus points for feature branches!