rolerequirement - Project Hosting on Google Code

Code license:	MIT License
Labels:	rails, authentication, rubyonrails, plugin

Show all Featured wiki pages:
CompaniesUsingRoleRequirement Documentation

Links:	Other Plugins by Author
Feeds:	Project feeds
Groups:	General discussion / support

People details

Project owners:
	timcharper
Project committers:
	jbarket

Current version: 1.5 - Released June 12, 2008. See the ChangeLog.

Summary

RoleRequirement focuses on a simple approach to role-based authentication. You don't have to learn a new language in order to specify roles; instead, RoleRequirement leverages the power of !Ruby to strike a marvelous balance between simplicity and flexibility.

Features:

A user can have many roles or one role
Full test helpers to make it easy to test your controllers. (examples here)
Squeaky clean implementation - don't repeat yourself!
Code generators: spend more time coding and less time wading through installation instructions.

Usage

Steps to using as easy as 1, 1.5, 2, 3!

1. Install restful_authentication and role_requirement

Install restful_authentication as usual, running your usual 'script/generate authenticated user sessions'.

script/plugin install git://github.com/technoweenie/restful-authentication.git

script/generate authenticated user sessions

To install role_requirement:

script/plugin install git://github.com/timcharper/role_requirement.git

2. Run the generator

  script/generate roles Role User

_{(where User is the name of your user model, and Role is the name of the roles model to create.)}

Note: You'll need to run rake db:migrate to actually modify the database

click here for a list of what the generators do

3. Define your role requirements in your controllers

Only allow administrators to access Users here.

class Admin::Users < ApplicationController
  require_role "admin"
  ...
end

Require contractor role for everything, and then require admin role to destroy, and only let contractors access listings they have access to:

class Admin::Listings < ApplicationController
  require_role "contractor"
  require_role "admin", :for => :destroy # don't allow contractors to destroy

  # leverage ruby to prevent contractors from updating listings they don't have access to.
  require_role "admin", :for => :update, :unless => "current_user.authorized_for_listing?(params[:id]) "
  ...
end


Other examples:

  require_role "admin", :for_all_except => :index # allow everyone to access index, but only admin can access the rest

  require_role "admin", :for_all_except => [:index, :show] # allow everyone to access show and index, but only admin can access the rest

Help

Here's how to get help

Browse the Documentation
Install the plugin, generate the rdoc's, and browse from there.
post an issue to the issue tracker
Fire off a message to the mailing list

Author

  Tim C. Harper - irb(main):001:0> ( 'tim_see_harperATgmail._see_om'.gsub('_see_', 'c').gsub('AT', '@') )

Other plugins by Tim Harper