Basic authorization gem for Rails based on RailsCast #385 "Authorization from Scratch" by Ryan Bates. Built on top of guachiman. Access is allow-list based: every controller action is denied unless a rule in your authorization object explicitly allows it.
Add this line to your application's Gemfile:
gem 'guachiman-rails'
And then execute:
$ bundle
Or install it directly:
$ gem install guachiman-rails
Run rails g guachiman:install. This will generate an authorization.rb file in app/models.
Include Guachiman::Authorizable in ApplicationController and optionally implement a current_user method there (it defaults to nil). Until you implement it, every rule that depends on the current user evaluates against nil and therefore denies.
# app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
  include Guachiman::Authorizable

  private

  # Look the user up from a persistent auth token cookie (RailsCast-style).
  # Note: cookies[:auth_token] is an unsigned cookie and the token is the only
  # proof of identity, so it must be long, random and stored hashed or
  # unguessable; cookies.signed[:auth_token] adds tamper protection.
  def current_user
    @current_user ||= User.find_by(auth_token: cookies[:auth_token]) if cookies[:auth_token]
  end
end
class UsersController < ApplicationController
  # Skip the gem's authorize filter entirely for admins. This bypasses every
  # rule in the authorization object for this controller, so keep admin? strict.
  skip_before_action :authorize, if: :admin?
  # ...
  private

  def admin?
    current_user && current_user.admin?
  end
end
When a request is denied, the default implementation of #unauthorized raises Guachiman::UnauthorizedError. You can rescue the error with a regular Rails rescue_from call, or override the #unauthorized method directly:
# app/controllers/application_controller.rb
def unauthorized
  if request.get? && !request.xhr?
    # Remember where the user was going, then bounce to the root page.
    # request.url is this application's own URL, so the stored target is
    # not attacker-controlled.
    session[:next] = request.url
    redirect_to root_path, alert: t(:unauthorized)
  else
    # Non-GET and XHR requests get a bare 401. (`render nothing: true` was
    # removed in Rails 5.1; `head` is the supported equivalent.)
    head :unauthorized
  end
end
Now you can describe your authorization object in this way:
# app/models/authorization.rb
class Authorization
  include Guachiman

  def initialize(current_user)
    # Anyone, including anonymous visitors, may log in or sign up.
    allow :sessions, :new, :create
    allow :users, :new, :create
    # Ownership check: the block receives the current resource (see
    # #current_resource below) and must return truthy for the action to be
    # allowed. Anonymous users fail because current_user is nil.
    allow :users, :show, :edit, :update do |user|
      current_user && current_user.id == user.id
    end
  end
end
The method #current_resource defaults to nil, but you can override it in your controllers. Its return value is what gets passed to the rule blocks above, so a block rule sees nil (and a block like the one above would fail on user.id) until the controller provides the resource:
class UsersController < ApplicationController
  # ...
  private

  # Loads the record the rule blocks are checked against.
  def current_resource
    @user ||= User.find(params[:id]) if params[:id].present?
  end
end
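To make the allow-list semantics of the Authorization class and the role of #current_resource concrete, here is an added, self-contained example that runs with plain Ruby and no Rails. It is not code from guachiman or guachiman-rails: the PolicyTable class, its allow/allow? methods, the authorize! helper, the User struct and the sample users are all stand-ins constructed here to mirror what the README describes (rules keyed by controller and action, an optional block that receives the current resource, deny by default, and an admin bypass like the skip_before_action above). The rule table itself is the same one shown above.

```ruby
# Added example, not the gem's code. PolicyTable, authorize!, User and the
# sample users below are assumptions built to mirror the README's rules.

# Assumed stand-in for the User model: only the fields the rules look at.
User = Struct.new(:id, :admin, keyword_init: true) do
  def admin?
    admin
  end
end

class UnauthorizedError < StandardError; end

# Assumed stand-in for the rule table that `include Guachiman` would provide.
# Rules are keyed by controller and action; a rule may carry a block that
# receives the current resource and must return truthy. Anything not
# explicitly allowed is denied (default deny).
class PolicyTable
  def initialize
    @rules = Hash.new { |h, k| h[k] = {} }
  end

  def allow(controller, *actions, &condition)
    actions.each do |action|
      @rules[controller.to_sym][action.to_sym] = condition || proc { true }
    end
  end

  # Controller/action arrive as strings from params in Rails, so normalise.
  def allow?(controller, action, resource = nil)
    rule = @rules[controller.to_sym][action.to_sym]
    return false unless rule
    !!rule.call(resource)
  end
end

# The README's rules, expressed over the stand-in table.
class Authorization < PolicyTable
  def initialize(current_user)
    super()
    allow :sessions, :new, :create
    allow :users, :new, :create
    # Ownership check; the extra `user &&` guard keeps a missing resource
    # (current_resource returning nil) a denial instead of a NoMethodError.
    allow :users, :show, :edit, :update do |user|
      current_user && user && current_user.id == user.id
    end
  end
end

# Assumed equivalent of the before_action plus the admin skip: admins bypass
# the table entirely; everyone else must match an allow rule.
def authorize!(current_user, controller, action, resource = nil)
  return true if current_user && current_user.admin?
  return true if Authorization.new(current_user).allow?(controller, action, resource)
  raise UnauthorizedError, "#{controller}##{action} denied"
end

# Constructed sample users.
ALICE = User.new(id: 1, admin: false)
BOB   = User.new(id: 2, admin: false)
ADMIN = User.new(id: 3, admin: true)

# Decisions for the interesting cases, returned as a hash so they can be checked.
def outcomes
  {
    anon_signup:      Authorization.new(nil).allow?(:users, :new),
    anon_edit_alice:  Authorization.new(nil).allow?(:users, :edit, ALICE),
    alice_edit_self:  Authorization.new(ALICE).allow?(:users, :edit, ALICE),
    alice_edit_bob:   Authorization.new(ALICE).allow?(:users, :edit, BOB),
    alice_no_resource: Authorization.new(ALICE).allow?(:users, :edit, nil),
    alice_destroy:    Authorization.new(ALICE).allow?(:users, :destroy, ALICE),
    string_params:    Authorization.new(ALICE).allow?('users', 'show', ALICE)
  }
end

if __FILE__ == $PROGRAM_NAME
  outcomes.each { |name, allowed| puts "#{name}: #{allowed}" }
end
```

The two cases worth noticing are alice_edit_bob (denied by the ownership block, which is what stops a user from editing another user's record by changing the id in the URL) and alice_destroy (denied with no rule at all, because nothing not listed is allowed). The admin bypass in authorize! mirrors skip_before_action and is deliberately coarse: it ignores the table completely, so whatever admin? returns true for gets every action on that controller.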
MIT