
StrongActions

Access control for rails controller/action.

Installation

Add this line to your application's Gemfile:

gem 'strong_actions'

And then execute:

$ bundle

Or install it yourself as:

$ gem install strong_actions

Usage

Configuration

Suppose a method "current_user" is available to controllers and views, the user has an attribute called admin, and only admins may modify the resource "users". Then prepare config/acl.yml:

current_user:
  users:
    new: admin?
    create: admin?
    edit: admin?
    update: admin?
    destroy: admin?

In the above case, when a non-admin user tries to access new_user_path, for example, StrongActions::ForbiddenAction is raised.

If all actions are restricted in the same way, you can define the rule at the controller level.

current_user:
  users: admin?

Controller definitions can be namespaced.

current_user:
  admin/users: admin?

If you have multiple controllers under a namespace, the namespace itself can be used as the key. A trailing '/' indicates that the entry is for the namespace 'admin' and not the controller 'admin'.

current_user:
  admin/: admin?
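
The definition shapes above, resolved in a small stand-alone model (an added example, not the gem's own code). The precedence order, treating an unmatched action as unrestricted, and the names rule_for, authorize! and User are assumptions made for illustration.

```ruby
require 'yaml'

# Constructed sample combining the definition shapes shown in the README.
ACL = YAML.safe_load(<<~YAML)
  current_user:
    users:
      new: admin?
      destroy: admin?
    reports: admin?
    admin/: admin?
YAML

ForbiddenAction = Class.new(StandardError) # stand-in for StrongActions::ForbiddenAction
User = Struct.new(:admin) do
  def admin?
    admin
  end
end

# Predicate guarding controller_path#action, or nil when nothing matches.
# Assumed precedence: controller-level, action-level, then enclosing namespaces.
def rule_for(rules, controller_path, action)
  entry = rules[controller_path]
  return entry if entry.is_a?(String)
  return entry[action] if entry.is_a?(Hash) && entry.key?(action)
  parts = controller_path.split('/')[0...-1]
  until parts.empty?
    ns_rule = rules["#{parts.join('/')}/"] # trailing '/' marks a namespace key
    return ns_rule if ns_rule.is_a?(String)
    parts.pop
  end
  nil
end

# Raises ForbiddenAction when a matching predicate is falsy on the role object.
def authorize!(acl, role_objects, controller_path, action)
  acl.each do |role, rules|
    predicate = rule_for(rules, controller_path, action.to_s)
    next if predicate.nil? # assumption: no matching rule means unrestricted
    subject = role_objects[role]
    # public_send keeps the config from reaching private methods; nil subject is denied
    allowed = subject && subject.public_send(predicate)
    raise ForbiddenAction, "#{controller_path}##{action}" unless allowed
  end
  true
end
```

In this model an action that appears in no rule is allowed, so an audit of config/acl.yml should confirm that every state-changing action is covered by an action, controller or namespace entry.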

Handling error in controller

In application_controller.rb, rescue the error like this:

rescue_from StrongActions::ForbiddenAction do
  render file: 'public/403.html', layout: false, status: :forbidden
end

In the above case, all forbidden accesses are handled by public/403.html.

Disabling forbidden link in view

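In views, use the helper method "available?" so that links to forbidden actions are not shown. This only hides the link; a direct request to the action still raises StrongActions::ForbiddenAction.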

<%= link_to 'Add User', new_user_path if available?('users', 'new') %>

Contributing

  1. Fork it ( https://github.com/hybitz/strong_actions/fork )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request