A11n

A11n handles authorization for Rails controllers! It's simple to use and extend.

Installation

Add this line to your application's Gemfile:

gem "a11n"

And then execute:

$ bundle

Or install it yourself as:

$ gem install a11n

Usage

class Admin::ProductController < ApplicationController
  authorization_for :create, [:admin, :support_staff]
  authorization_for :destroy, [:admin]

  def create
    product = Production.new(product_params)
    authorize product
  end

  def destroy
    product = Production.find(params[:id])
    authorize product
  end
end

class CommentsController < ApplicationController
  authorization_for :destroy, [:belongs_to_user?, :admin?, :moderator?]

  def destroy
    comment = Comment.find(params[:id])
    authorize comment
  end
end

class AdminPolicy < A11n::BasePolicy
  def authorized?
    user.admin?
  end
end

class BelongsToUserPolicy < A11n::BasePolicy
  def authorized?
    record.user == user
  end
end

Advanced Usage

class CommentUpvotesController < ApplicationController
  authorization_for :create, [:confirmed_user?]
  authorization_for :create, -> { !BLACKLISTED_IPS.include?(request.ip) }

  def create
    upvote = CommentUpvote.new(upvote_params)
    authorize upvote # authorizes the upvote if it
    return unauthorized_action
    # do work
  end
end

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/stevendanils/a11n.