authorize_me
authorize_me is a gem for Rails to handle simple role-based authorization. It is similar in style to can-can. The largest difference is that authorization rules are defined in the model they protect rather than one centralized location.
Set up the user model
Tell the gem which model to treat as the “user”.
class User
end
The following methods are generated:
User#can_create?(obj)
User#can_read?(obj)
User#can_update?(obj)
User#can_destroy?(obj)
Each of these methods can take a model class, instance, or symbol.
The user model is expected to have a role method that returns a string or symbol. It could be a DB column or a method you define. Here is an example:
def role
if admin?
:admin
else
user_type
end
end
Declare authorization rules
Authorization rules are declared in each model where they apply
class Article
do |role|
role.admin :can => :manage
role.publisher :can => :manage, :if => :author?
role.publisher :can => [:read, :create]
role.any :can => :read
end
end
In this example a publisher can always read and create articles, but they can only manage articles for which they are the author.
This declaration assumes there is an Article#author? method which takes a user argument and returns a boolean.
:manage is shorthand for [:create, :read, :update, :destroy]
In your controllers
The unauthorized! method simply raises an AuthorizeMe::Unauthorized exception for you to handle as you choose.
def show
@article = Article.find(params[:id])
unless current_user.can_read?(@article)
end
In your views
<% if current_user.can_update?(@article) %>
<%= link_to 'edit', edit_article_path(@article) %>
<% end %>
Copyright © 2010 Adam McCrea, released under the MIT license