Repository is archived
No commit activity in last 3 years
No release in over 3 years
Easy and simple access control.
 Dependencies

Development

~> 1.0.0
~> 1.5.1
>= 0

Runtime

~> 3.0.0
 Project Readme

Simple permissions

Simple permissions aims to provide a simple way to check for roles in Rails. This gem has been tested on Rails 3 only. If you use `:lib => false` and include the modules correctly, it should work fine on Rails 2.3.

Configuration

To configure, change the config constants below:

<dl>

<dt>SimplePermissions::Config.current_user_method = :current_user</dt>
<dd>This sets the method which will be used inside simple permissions to get the logged-in user and check for roles.</dd>

<dt>SimplePermissions::Config.permissions_method = :permissions</dt>
<dd>This sets the name of the method from the user model which will be called to get the permissions.</dd>

<dt>SimplePermissions::Config.permission_type = :role</dt>
<dd>This sets the type of permission which will be used to check the user roles. Allowed types are `:role` and `:read_write`. Both types will be described below.</dd>

</dl>

Setup

Include in your Gemfile:

gem 'simple_permissions'

Run:

bundle install

In the user model, include the authorization methods as in the code below:

class User < ActiveRecord::Base
  include SimplePermissions::UserModelMethods
end

How it works

Model methods

The model methods included by the gem to check the user authorization expect the user model to respond to a `permissions` method that returns the user permissions according to the permission type defined.

Permission types

:role

Using this permission type, the `permissions` method from the user model should return an array of strings containing the permission codes, like the example below:

['CRUD_USER', 'CRUD_PROFILE']

The suggested models for this approach are the following:

<pre>

 ______          _________         _____________          ____________________
| User |________| Profile |_______| Permission  |________| PermissionCategory |
|______| N    1 |_________| N   M |_____________| N    1 |____________________|
                                  | code        |
                                  | description |
                                  |_____________|

</pre>

:read_write

Using this permission type, the `permissions` method from the user model should return a hash with the permission code as key and the literal string `r` or `w` as value, like the example below:

{'CRUD_USER' => 'w', 'CRUD_PROFILE' => 'r'}

The suggested models for this approach are the following:

 ______          _________         ___________________          _____________          ____________________
| User |________| Profile |_______| ProfilePermission |________| Permission  |________| PermissionCategory |
|______| N    1 |_________| 1   N |___________________| N    1 |_____________| N    1 |____________________|
                                  | read_write        |        | code        |
                                  |___________________|        | description |
                                                               |_____________|
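
One way to write the `permissions` method for each permission type from the suggested models, as an added example that is not the gem's own code. Plain-Ruby structs stand in for the ActiveRecord models; the class names `RoleUser` and `ReadWriteUser`, the descriptions and the malformed `'x'` row are constructed for illustration. Both methods fail closed: a user without a profile gets no permissions, and a `read_write` value other than `r` or `w` is dropped.

```ruby
# Added example: constructed stand-ins for the suggested models (not
# ActiveRecord, not the gem's code). Only the shape of the value returned
# by `permissions` comes from the README.
Permission        = Struct.new(:code, :description)
ProfilePermission = Struct.new(:permission, :read_write)
Profile           = Struct.new(:permissions, :profile_permissions)

class RoleUser
  attr_reader :profile

  def initialize(profile)
    @profile = profile
  end

  # :role type -> array of permission codes.
  # No profile means an empty array, so every check is denied.
  def permissions
    return [] if profile.nil?
    profile.permissions.map(&:code).uniq
  end
end

class ReadWriteUser
  attr_reader :profile

  def initialize(profile)
    @profile = profile
  end

  # :read_write type -> hash of code => 'r' or 'w'.
  # Rows holding any other value are skipped instead of passed through.
  def permissions
    return {} if profile.nil?
    profile.profile_permissions.each_with_object({}) do |row, acc|
      next unless %w[r w].include?(row.read_write)
      acc[row.permission.code] = row.read_write
    end
  end
end

# Constructed sample data.
crud_user    = Permission.new('CRUD_USER', 'Manage users')
crud_profile = Permission.new('CRUD_PROFILE', 'Manage profiles')
crud_company = Permission.new('CRUD_COMPANY', 'Manage companies')

ROLE_PROFILE = Profile.new([crud_user, crud_profile], [])
RW_PROFILE   = Profile.new([], [ProfilePermission.new(crud_user, 'w'),
                                ProfilePermission.new(crud_profile, 'r'),
                                ProfilePermission.new(crud_company, 'x')]) # malformed row
```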

Controllers

After installing the gem, two methods are available for authorization: `has_permission` and `has_permission!`. Both receive an array of permission codes or a hash, depending on the permission type configured.

In controllers, it is recommended to put a `has_permission!` call as the first line of each action to validate the user credentials.

class SampleController < ApplicationController
  def index
    has_permission!('CRUD_COMPANY')
    # ... rest of the action
  end
end

This credential check will raise a `SimplePermissions::AccessDeniedException` exception, so in order to capture unauthorized actions it is recommended to include the following code in application_controller.rb:

class ApplicationController < ActionController::Base
  rescue_from SimplePermissions::AccessDeniedException do |exception|
    flash[:alert] = 'Access denied.'
    redirect_to :root
  end
end

Helpers

Both methods available for controllers are also available for the helpers, so you can use `has_permission` to show/hide stuff on views.

TODO

  • Generators for models, migrations for both permission types

  • Somehow authenticate routes

Contributing to simple_permissions

  • Check out the latest master to make sure the feature hasn’t been implemented or the bug hasn’t been fixed yet

  • Check out the issue tracker to make sure someone already hasn’t requested it and/or contributed it

  • Fork the project

  • Start a feature/bugfix branch

  • Commit and push until you are happy with your contribution

  • Make sure to add tests for it. This is important so I don’t break it in a future version unintentionally.

  • Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.

Copyright © 2010 Thiago Nuic Vidigal. See LICENSE.txt for further details.