Restrict
A Rails controller extension that lets you restrict access to your controller actions.
Installation
gem 'restrict'
Compatibility
Works with Rails 3 and 4 and all versions of Ruby 2.
Usage
class GoodiesController < ApplicationController
  restrict :take
  restrict :delete, unless: :goodie_manager?

  def take
    # Grab a goodie
  end

  def delete
    # Remove all the goodies
  end

  private

  def goodie_manager?
    # Your domain implementation
  end
end
What that does:
- Any anonymous access to either of the two methods will raise Restrict::LoginRequired
- If user_signed_in?, the access to take is allowed
- If user_signed_in? but goodie_manager? returns false, then Restrict::AccessDenied will be raised
- If user_signed_in? and goodie_manager? is true, the access is allowed
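
The decision table above, modelled in plain Ruby as an added example. This is not the gem's source: ModelRestrict, GoodiesModel, authorize! and decision are names constructed here, and the Rails filter wiring is left out.

```ruby
# Model of the decisions listed above. Not the gem's code: ModelRestrict,
# GoodiesModel, authorize! and decision are constructed for this example.
module ModelRestrict
  class LoginRequired < StandardError; end
  class AccessDenied < StandardError; end
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    def restrictions
      @restrictions ||= []
    end

    # No action names means the rule covers every action.
    def restrict(*actions, **opts)
      restrictions << { actions: actions, unless: opts[:unless] }
    end
  end

  # Authentication is checked first, then the optional `unless` predicate.
  def authorize!(action)
    self.class.restrictions.each do |rule|
      next unless rule[:actions].empty? || rule[:actions].include?(action)
      raise LoginRequired unless user_signed_in?
      raise AccessDenied if rule[:unless] && !send(rule[:unless])
    end
    :allowed
  end
end

class GoodiesModel
  include ModelRestrict
  restrict :take
  restrict :delete, unless: :goodie_manager?

  def initialize(signed_in:, manager:)
    @signed_in, @manager = signed_in, manager
  end

  def user_signed_in?; @signed_in; end
  def goodie_manager?; @manager; end
end
# Returns :allowed, :LoginRequired or :AccessDenied for one request.
def decision(action, signed_in:, manager:)
  GoodiesModel.new(signed_in: signed_in, manager: manager).authorize!(action)
rescue ModelRestrict::LoginRequired, ModelRestrict::AccessDenied => e
  e.class.name.split("::").last.to_sym
end
```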
Restrict all actions
restrict
This one will apply to all actions on this controller. It takes the unless option as well.
Configuration
# Default is :user_signed_in?
Restrict.config.authentication_validation_method = :admin_session_exists?
You may set the method used to determine whether a user is signed in to whatever you like. Its default is :user_signed_in?, which is the most common (Devise) method in use.
Contributing
You know how this works and bonus points for feature branches!