Heimdallr Resource
Heimdallr Resource is a gem which provides CanCan-like interface for writing secure controllers on top of Heimdallr-protected models.
class CricketController < ApplicationController
include Heimdallr::Resource
# or set the name explicitly:
#
# load_and_authorize_resource :resource => :cricket
# if nested:
#
# routes.rb:
# resources :categories do
# resources :crickets
# end
#
# load_and_authorize_resource :through => :category
def index
# @crickets is loaded and secured here
end
end
Overview
API of Heimdallr Resource basically consists of two methods, load_resource
and authorize_resource
.
Both work by adding a filter in standard Rails filter chain and obey the :only
and :except
options.
load_resource
loads a record or scope and wraps it in a Heimadllr proxy. For index
action, a scope is
loaded. For show
, new
, create
, edit
, update
and destroy
a record is loaded. No further action
is performed by Heimdallr Resource.
authorize_resource
verifies if the current security context allows for creating or updating the records.
The checks are performed for new
, create
, edit
and update
actions.
Credits
- Peter Zotov (@whitequark)
- Boris Staal (@_inossidabile)
LICENSE
It is free software, and may be redistributed under the terms of MIT license.