Minimal authorization library inspired by RailsCast #385 Authorization from Scratch by Ryan Bates.
Guachiman allows you to store authorization rules as a tree of permissions nested within groups.
Permissions can be either true
or a block that takes an object. In that case the permission will
be the result of the block evaluation.
Add this line to your application's Gemfile
:
gem 'guachiman'
And then execute:
$ bundle
Or install it directly:
$ gem install guachiman
Describe your authorization objects in this way:
class Authorization
include Guachiman
def initialize(user = nil)
allow :sessions, :new, :create
allow :users, :show, :edit, :update do |user_id|
user && user.id == user_id
end
end
end
So that you can use them like this:
user = User.find(user_id)
guest_authorization = Authorization.new
user_authorization = Authorization.new(user)
guest_authorization.allow?(:sessions, :new)
# => true
user_authorization.allow?(:users, :show)
# => false
user_authorization.allow?(:users, :show, user.id)
# => true
This is what you use to set permissions. It takes two parameters, group
and permissions
, and an optional block.
This is what you use to check permissions. It takes a group
param, a permission
param, and an optional object
param to evaluate in the block.
MIT