My favorites | Sign in
Project Logo
             
People details
Project owners:
  timcharper
Project committers:
jbarket

Current version: 1.5 - Released June 12, 2008. See the ChangeLog.

Summary

RoleRequirement focuses on a simple approach to role-based authentication. You don't have to learn a new language in order to specify roles; instead, RoleRequirement leverages the power of !Ruby to strike a marvelous balance between simplicity and flexibility.

Features:

Usage

Steps to using as easy as 1, 1.5, 2, 3!

1. Install restful_authentication and role_requirement

Install restful_authentication as usual, running your usual 'script/generate authenticated user sessions'.

script/plugin install git://github.com/technoweenie/restful-authentication.git

script/generate authenticated user sessions 

To install role_requirement:

script/plugin install git://github.com/timcharper/role_requirement.git

2. Run the generator

  script/generate roles Role User 
(where User is the name of your user model, and Role is the name of the roles model to create.)

Note: You'll need to run rake db:migrate to actually modify the database

click here for a list of what the generators do

3. Define your role requirements in your controllers

Only allow administrators to access Users here.

class Admin::Users < ApplicationController
  require_role "admin"
  ...
end

Require contractor role for everything, and then require admin role to destroy, and only let contractors access listings they have access to:

class Admin::Listings < ApplicationController
  require_role "contractor"
  require_role "admin", :for => :destroy # don't allow contractors to destroy

  # leverage ruby to prevent contractors from updating listings they don't have access to.
  require_role "admin", :for => :update, :unless => "current_user.authorized_for_listing?(params[:id]) "
  ...
end


Other examples:

  require_role "admin", :for_all_except => :index # allow everyone to access index, but only admin can access the rest

  require_role "admin", :for_all_except => [:index, :show] # allow everyone to access show and index, but only admin can access the rest

Help

Here's how to get help

Author

  Tim C. Harper - irb(main):001:0> ( 'tim_see_harperATgmail._see_om'.gsub('_see_', 'c').gsub('AT', '@') )

Other plugins by Tim Harper









Hosted by Google Code