Authorization-San
Authorization-san allows you to specify access policies in your controllers. The plugin assumes a number of things about the application:

- If a user has authenticated with the application, it's stored in `@authenticated`. The method of authentication doesn't matter. It also doesn't matter what you put in `@authenticated`, as long as it's truthy.
- `@authenticated` has either a `role` attribute or a number of methods to query for the role: `admin?`, `editor?`, `guest?`. When the `@authenticated` object doesn't have role methods you can't use role-based rules, but the rest still works.
What does it look like?
```ruby
class BooksController < ActionController::Base
  # Visitors can see list of books and book pages
  allow_access :all, :only => [:index, :show]
  # An editor can create new books, but…
  allow_access :editor, :only => [:new, :create]
  # …she can only update her own books. The block runs in the controller,
  # and access is granted only when it returns something truthy.
  allow_access(:editor, :only => [:edit, :update]) { @book = @authenticated.books.find(params[:id]) }
  # Admin users can do it all.
  allow_access :admin
end
```
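To make the evaluation semantics concrete, here is an added stand-alone model of how rules like the ones above are checked (example code written for this page, not the plugin's implementation). The `AccessPolicy`, `FakeController`, `Books`, `User` and `Admin` names are assumptions, and default-deny, first-match rule order and the truthy-block check are modelled here rather than taken from the plugin's source.

```ruby
# Stand-alone model of the allow_access semantics described above (an added illustration,
# not the plugin's code): deny by default, a rule covers every action unless :only narrows
# it, the role must match @authenticated, and a block rule grants only on a truthy result.
class AccessPolicy
  Rule = Struct.new(:role, :only, :block)
  def initialize; @rules = []; end
  def allow_access(role, options = {}, &block)   # same shape as the controller DSL
    only = options[:only] && Array(options[:only]).map(&:to_sym)
    @rules << Rule.new(role, only, block)
  end
  # controller stands in for an ActionController: it holds @authenticated and #params.
  def allowed?(controller, action)
    authenticated = controller.instance_variable_get(:@authenticated)
    @rules.any? do |rule|
      next false if rule.only && !rule.only.include?(action.to_sym)
      next false unless role_matches?(rule.role, authenticated)
      rule.block ? !!controller.instance_exec(&rule.block) : true
    end
  end
  def role_matches?(role, authenticated)
    return true if role == :all          # :all includes unauthenticated visitors
    return false unless authenticated    # nil/false: nobody is signed in
    return authenticated.role.to_sym == role if authenticated.respond_to?(:role)
    authenticated.respond_to?("#{role}?") && !!authenticated.public_send("#{role}?")
  end
end
# Constructed fixtures: a user with a role attribute, one answering only admin?, a books
# lookup returning nil where ActiveRecord's find would raise, and a controller stand-in.
Books = Struct.new(:ids) { def find(id); ids.include?(id) ? id : nil; end }
User  = Struct.new(:role, :books)
Admin = Class.new { def admin?; true; end }
class FakeController
  attr_reader :params
  def initialize(authenticated, params = {}); @authenticated = authenticated; @params = params; end
end
# The README's BooksController rules, evaluated for a visitor, an editor and an admin.
def decisions
  policy = AccessPolicy.new
  policy.allow_access :all, :only => [:index, :show]
  policy.allow_access :editor, :only => [:new, :create]
  policy.allow_access(:editor, :only => [:edit, :update]) { @book = @authenticated.books.find(params[:id]) }
  policy.allow_access :admin
  editor = User.new(:editor, Books.new([1]))
  { visitor_index: policy.allowed?(FakeController.new(nil), :index),
    visitor_edit:  policy.allowed?(FakeController.new(nil), :edit),
    editor_own:    policy.allowed?(FakeController.new(editor, { :id => 1 }), :edit),
    editor_other:  policy.allowed?(FakeController.new(editor, { :id => 2 }), :edit),
    admin_edit:    policy.allowed?(FakeController.new(Admin.new), :edit) }
end
```

Note that an editor asking for a book she does not own is refused because the block yields `nil`, not because of a separate ownership rule; in a real app `find` would raise and Rails would answer with a 404 instead.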
The best place to start learning more is the examples directory in the source.