Rails 2.0 Ready!
Current version: 1.3.2 - Released November 20, 2007. See the ChangeLog.
Upgrading from 1.2? Click here to find out how (and to find out if you were using 1.2).
Summary
RoleRequirement focuses on a simple approach to role-based authentication. You don't have to learn a new language in order to specify roles; instead, RoleRequirement leverages the power of Ruby to strike a marvelous balance between simplicity and flexibility.
Features:
- A user can have many roles or one role
- Full Test Helpers to make it easy to test your controllers. (examples here)
- Squeaky Clean implementation - don't repeat yourself!
- Code generators: spend more time coding and less time wading through installation instructions.
Usage
Using it is as easy as 1, 1.5, 2, 3!
1. Install restful_authentication and role_requirement
Install restful_authentication as usual, running your usual 'script/generate authenticated user sessions'.
script/plugin install http://svn.techno-weenie.net/projects/plugins/restful_authentication/
script/generate authenticated user sessions
To install role_requirement:
script/plugin install http://rolerequirement.googlecode.com/svn/tags/role_requirement/
2. Run the generator
Do ONE of the following
- If you want a user to have many roles:
script/generate roles Role User
(where User is the name of your user model, and Role is the name of the roles model to create.)
- If you want a user to only have one role:
script/generate role User
(where User is the name of your user model)
Note: You'll need to run rake db:migrate to actually modify the database.
Click here for a list of what the generators do.
3. Define your role requirements in your controllers
Only allow administrators to access Users here.
class Admin::Users < ApplicationController
  require_role "admin"
  ...
end
Require contractor role for everything, and then require admin role to destroy, and only let contractors access listings they have access to:
class Admin::Listings < ApplicationController
  require_role "contractor"
  require_role "admin", :for => :destroy # don't allow contractors to destroy
  # leverage ruby to prevent contractors from updating listings they don't have access to.
  require_role "admin", :for => :update, :unless => "current_user.authorized_for_listing?(params[:id])"
  ...
end
Other examples:
require_role "admin", :for_all_except => :index # allow everyone to access index, but only admin can access the rest
require_role "admin", :for_all_except => [:index, :show] # allow everyone to access show and index, but only admin can access the rest
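The Admin::Listings rules above, modelled as a stand-alone Ruby script so the resulting access matrix can be checked (an added example, not RoleRequirement's own code). It assumes that every requirement applying to an action must pass and that a true :unless skips only its own requirement; the User struct, the rule hashes and the sample users are constructed for illustration.

```ruby
# Added illustration, not the plugin's code. Assumed semantics: every
# requirement that applies to the action must pass, and a true :unless
# condition skips only the requirement it is attached to.
User = Struct.new(:name, :roles, :listing_ids) do
  def has_role?(role)
    roles.include?(role.to_s)
  end

  def authorized_for_listing?(id)
    listing_ids.include?(id.to_i)
  end
end

# The three require_role lines from Admin::Listings, as data.
# A lambda stands in for the page's string condition.
LISTING_RULES = [
  { role: "contractor" },
  { role: "admin", for: [:destroy] },
  { role: "admin", for: [:update],
    unless: ->(user, params) { user.authorized_for_listing?(params[:id]) } }
].freeze

def applies?(rule, action)
  return rule[:for].include?(action) if rule[:for]
  return !rule[:for_all_except].include?(action) if rule[:for_all_except]
  true
end

def authorized?(user, action, params = {}, rules = LISTING_RULES)
  rules.all? do |rule|
    next true unless applies?(rule, action)
    next true if user && rule[:unless]&.call(user, params)
    !user.nil? && user.has_role?(rule[:role])
  end
end

# Constructed sample users.
ADMIN      = User.new("admin", %w[admin contractor], [])
CONTRACTOR = User.new("carol", %w[contractor], [7])
NO_ROLE    = User.new("vic", [], [7]) # can see listing 7 but holds no role

# One row per user/request pair: [name, action, listing id, allowed?]
def access_matrix
  requests = [[:index, {}], [:update, { id: "7" }],
              [:update, { id: "8" }], [:destroy, { id: "7" }]]
  [ADMIN, CONTRACTOR, NO_ROLE].product(requests).map do |user, (action, params)|
    [user.name, action, params[:id], authorized?(user, action, params)]
  end
end

access_matrix.each { |row| puts row.inspect }
```

The NO_ROLE rows show why the blanket "contractor" requirement matters: passing the :unless check on update does not grant access without it.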
Help
Here's how to get help
- Browse the documentation
- Install the plugin, generate the rdocs, and browse from there.
- Post an issue to the issue tracker
- Fire off a message to the mailing list
Author
Tim C. Harper - irb(main):001:0> ( 'tim_see_harperATgmail._see_om'.gsub('_see_', 'c').gsub('AT', '@') )
