AuthorizeWhen
Super simple authorization system for Rails. AuthorizeWhen provides a small DSL to write authorization rules in your controllers.
Each rule is declared with the authorize method and consists of a block that must evaluate to true; otherwise a ForbiddenException is raised.
Use It
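    class VideosController < ApplicationController
      # Every action except show and index requires the administrator role.
      # The parentheses are needed so the brace block binds to authorize.
      authorize(:when_not => [:show, :index]) { current_user.has_role? :administrator }
    end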
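To make the rule semantics concrete, here is a plain-Ruby model of the check, added as an illustration and not AuthorizeWhen's own code. MiniAuthorize, check_authorization!, allowed? and the User struct are hypothetical names; requiring a literal true and denying when the block raises are this model's assumptions (the latter follows the roadmap item below).

```ruby
# Illustrative model; MiniAuthorize is a hypothetical stand-in, not the gem's code.
class ForbiddenException < StandardError; end

module MiniAuthorize
  def self.included(base)
    base.extend(ClassMethods)
  end
  module ClassMethods
    def rules; @rules ||= []; end

    # Register a rule; actions listed in :when_not are exempt from it.
    def authorize(options = {}, &block)
      rules << { except: Array(options[:when_not]).map(&:to_sym), check: block }
    end
  end

  # Evaluate each applicable rule with the controller instance as self.
  # Assumption: only a literal true allows; an error in the block denies (fail closed).
  def check_authorization!(action)
    self.class.rules.each do |rule|
      next if rule[:except].include?(action.to_sym)
      allowed = begin
        instance_exec(&rule[:check]) == true
      rescue StandardError
        false
      end
      raise ForbiddenException, "#{action} denied" unless allowed
    end
    true
  end
end

User = Struct.new(:roles) do # constructed sample user type
  def has_role?(role); roles.include?(role); end
end

class VideosController
  include MiniAuthorize
  attr_accessor :current_user
  authorize(:when_not => [:show, :index]) { current_user.has_role? :administrator }
end

# Returns true when the action is permitted, false when it is forbidden.
def allowed?(user, action)
  controller = VideosController.new
  controller.current_user = user
  controller.check_authorization!(action)
rescue ForbiddenException
  false
end
```

Because :when_not lists only the exempt actions, any action added to the controller later is covered by the rule without further changes.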
Installation
As a gem:
Add this line to your environment.rb:

    config.gem "authorize_when"

and then run

    rake gems:install

or just

    gem install authorize_when

As a plugin:

    script/plugin install git://github.com/mcasimir/authorize_when.git
Project Details
Roadmap
- Add a forbid instance method that raises ForbiddenException
- Add an “authorize with schema” feature that allows authorization rules to be grouped and reused
- Provide a customizable default way to recover from ForbiddenException, e.g. redirect to /404
- Rescue every exception raised in the authorize block and re-raise it as a new ForbiddenException
Copyright
Copyright © 2010 Maurizio Casimirri, released under the LGPL license.