
NOTE: I am no longer maintaining this project. Please see the note on the github page (http://github.com/timcharper/role_requirement) for more information.

Thanks, Tim

Summary

RoleRequirement focuses on a simple approach to role-based authentication. You don't have to learn a new language in order to specify roles; instead, RoleRequirement leverages the power of Ruby to strike a marvelous balance between simplicity and flexibility.

Features:

  • A user can have many roles or one role
  • Full test helpers to make it easy to test your controllers. (examples here)
  • Squeaky clean implementation - don't repeat yourself!
  • Code generators: spend more time coding and less time wading through installation instructions.

Usage

Using it is as easy as 1, 1.5, 2, 3!

1. Install restful_authentication and role_requirement

Install restful_authentication as usual, then run 'script/generate authenticated user sessions':

script/plugin install git://github.com/technoweenie/restful-authentication.git

script/generate authenticated user sessions 

To install role_requirement:

script/plugin install git://github.com/timcharper/role_requirement.git

2. Run the generator

  script/generate roles Role User 
(where User is the name of your user model, and Role is the name of the roles model to create.)

Note: You'll need to run rake db:migrate to actually modify the database.

click here for a list of what the generators do

3. Define your role requirements in your controllers

Only allow administrators to access Users:

class Admin::Users < ApplicationController
  require_role "admin"
  # ...
end

Require the contractor role for everything, require the admin role to destroy, and only let contractors update listings they have access to:

class Admin::Listings < ApplicationController
  require_role "contractor"
  require_role "admin", :for => :destroy # don't allow contractors to destroy

  # leverage ruby to prevent contractors from updating listings they don't have access to.
  require_role "admin", :for => :update, :unless => "current_user.authorized_for_listing?(params[:id])"
  # ...
end


Other examples:

  require_role "admin", :for_all_except => :index # allow everyone to access index, but only admin can access the rest

  require_role "admin", :for_all_except => [:index, :show] # allow everyone to access show and index, but only admin can access the rest
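
The access matrix implied by the three Admin::Listings declarations above, as an added stand-alone example (not the plugin's own code). It assumes every requirement that applies to an action must be satisfied; Requirement, LISTING_RULES, authorized? and the sample users are hypothetical names, and a lambda stands in for the :unless string.

```ruby
# Stand-alone model of the require_role rules on this page (not the plugin's code).
# Assumption: every requirement that applies to an action must be satisfied.
Requirement = Struct.new(:role, :only, :except, :skip_if) do
  def applies_to?(action, user, params)
    return false if only && !only.include?(action)        # models :for
    return false if except && except.include?(action)    # models :for_all_except
    return false if skip_if && skip_if.call(user, params) # models :unless
    true
  end
end

User = Struct.new(:name, :roles, :listing_ids) do
  def has_role?(role)
    roles.include?(role)
  end

  def authorized_for_listing?(id)
    listing_ids.include?(id)
  end
end

# Mirrors the three declarations in Admin::Listings.
LISTING_RULES = [
  Requirement.new("contractor"),
  Requirement.new("admin", [:destroy]),
  Requirement.new("admin", [:update], nil,
                  ->(user, params) { user.authorized_for_listing?(params[:id]) })
].freeze

def authorized?(user, action, params = {})
  return false if user.nil? # not logged in: deny by default
  LISTING_RULES.all? do |rule|
    !rule.applies_to?(action, user, params) || user.has_role?(rule.role)
  end
end

# Constructed sample users; the admin is given both roles explicitly.
ADMIN      = User.new("alice", %w[admin contractor], [])
CONTRACTOR = User.new("bob", %w[contractor], [7])
VISITOR    = User.new("carol", [], [])

if __FILE__ == $PROGRAM_NAME
  [ADMIN, CONTRACTOR, VISITOR].each do |u|
    %i[index update destroy].each do |a|
      [7, 8].each { |id| puts "#{u.name} #{a} id=#{id}: #{authorized?(u, a, id: id)}" }
    end
  end
end
```

A table like the one this prints is a convenient checklist for controller tests: each denied cell should have a test asserting the request is rejected.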

Help

Here's how to get help:

  • Browse the Documentation
  • Install the plugin, generate the rdocs, and browse from there.
  • Post an issue to the issue tracker
  • Fire off a message to the mailing list

Author

  Tim C. Harper - irb(main):001:0> ( 'tim_see_harperATgmail._see_om'.gsub('_see_', 'c').gsub('AT', '@') )

Other plugins by Tim Harper
