Super simple authorization system for Rails. AuthorizeWhen provides a small DSL for writing authorization rules in your controllers. Each rule is declared with the authorize method and consists of a block that must evaluate to true; otherwise a ForbiddenException is raised.

Use It

  class VideosController < ApplicationController
    # Applies to every action except show and index.
    authorize(:when_not => [:show, :index]) { current_user.has_role? :administrator }
  end


As a gem:

Add this line to your environment.rb:

  config.gem "authorize_when"

and then do

  rake gems:install

or just

  gem install authorize_when

As a plugin:

  script/plugin install git://

Project Details


  • Add a forbid instance method that raises ForbiddenException
  • Add an “authorize with schema” feature that allows grouping and reusing authorization rules
  • Provide a customizable default way to recover from ForbiddenException, e.g. redirect to /404
  • Rescue every exception raised in the authorize block and re-raise it as a new ForbiddenException
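
The rule semantics described at the top of this page, together with the last item in the list above, as an added plain-Ruby sketch (not the gem's source code). AuthorizeSketch, dispatch, authorization_rules, the User struct and the show/destroy return values are hypothetical names constructed for the example; only authorize, :when_not and ForbiddenException come from this page.

```ruby
class ForbiddenException < StandardError; end

# Hypothetical module: a plain-Ruby stand-in for the gem's controller DSL.
module AuthorizeSketch
  def self.included(base)
    base.extend(ClassMethods)
  end
  module ClassMethods
    def authorization_rules
      @authorization_rules ||= []
    end
    # :when_not lists the actions the rule is NOT applied to.
    def authorize(options = {}, &rule)
      authorization_rules << [Array(options[:when_not]).map(&:to_sym), rule]
    end
  end

  # Stand-in for a before filter: check every applicable rule, then run the action.
  def dispatch(action)
    self.class.authorization_rules.each do |skipped, rule|
      next if skipped.include?(action.to_sym)
      allowed = begin
        instance_exec(&rule)
      rescue StandardError
        false # an error inside the rule counts as a denial (fail closed)
      end
      raise ForbiddenException, "#{action} is forbidden" unless allowed
    end
    public_send(action)
  end
end

# Constructed user and controller, for illustration only.
User = Struct.new(:roles) do
  def has_role?(role)
    roles.include?(role)
  end
end

class VideosController
  include AuthorizeSketch
  attr_reader :current_user
  authorize(:when_not => [:show, :index]) { current_user.has_role? :administrator }

  def initialize(user); @current_user = user; end

  def show;    :shown;     end
  def destroy; :destroyed; end
end
```

Because :when_not names the exempt actions, any action added to the controller later is covered by the rule by default. With no signed-in user, the rule block raises NoMethodError on nil, and the sketch reports that as ForbiddenException instead of letting a different error escape.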


Copyright © 2010 Maurizio Casimirri, released under the LGPL license.