Project

turnstile

0.0
No commit activity in last 3 years
No release in over 3 years
turnstilemilare/turnstileHomepageDocumentationSource CodeBug TrackerWiki
Simple authorization for rails
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
 Popularity
Downloads
8,153
Stars
2
Forks
0
Watchers
1
 Releases
Current version
0.1.1
Total releases
2
First release
2010-08-25
Latest release
2010-08-25
 Development
Primary Language
Ruby
Average date of last 50 commits
2010-08-24
Reverse Dependencies
0

 Dependencies
 Project Readme

Turnstile is a simple authorization module. With turnstile you’ll be able to define rules for each role to access your controllers and views.

Roles, Rules and Privileges¶ ↑

You can define all roles, all rules and all privileges in the config file, placed in config/initializers/turnstile.rb

Privileges¶ ↑ 

privilege :read do
   allows_to :show, :index
   denies_to :destroy, :create
end

privilege :manage do
  allows_to :create, :new
  allows_to :destroy
end

Rules to Roles¶ ↑ 

role :reader do
  can :read => :posts
  can :read => :comments
end

role :admin do
  inherits :reader
  can :manage => :posts
end

The Default Role¶ ↑

You need to set a role to be used when the current user has no role

default_is :reader

An example of config file can be found in config/initializers/turnstile.rb in this repo.

The User Model¶ ↑

So far it is hardcoded, so you need a string column called

user_role

For example, using Active Record, in your migration, put:

t.string :user_role

or for Mongoid:

field :user_role

and be sure to have a method that returns the current user using

current_user

Authorization makes more sense when used with authentication, the most authentication libs have a method called current_user that returns the current user. dah =/ So you probably won’t need to do that, but if you need to, Turnstile also can verify user permission trough…

Thread.current['current_user'] = User...

So set it and have fun, otherwise, the default role will always be set.

Controllers¶ ↑

For each controller that you want to monitorate just call:

before_filter :verify_role_permissions!

Views¶ ↑

To access the current role in your views use

current_role

Then for example, you can check its permissions with

current_role.is_allowed_to? :create, :posts

Demonstration¶ ↑

There is something that i call blongloid !lol! in my repos. Blongoid is a blog prototype using Rails 3, Mongoid, Devise and Turnstile.

You can check there some using of Turnstile.