AuthorizeWhen

Super simple authorization system for Rails. AuthorizeWhen provides a small DSL for writing authorization rules in your controllers. Each rule is declared with the authorize method and consists of a block that must evaluate to true; otherwise a ForbiddenException is raised.

Use It


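class VideosController < ApplicationController
  # Parentheses are needed so the block binds to authorize, not to the array literal.
  authorize(:when_not => [:show, :index]) { current_user.has_role? :administrator }
end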
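
The rule semantics described above, modelled as a stand-alone Ruby sketch (an added example, not the gem's own code). It assumes a rule applies to every action not listed in :when_not and that the block runs in the controller instance; AuthorizeSketch, SketchUser, SketchVideosController, check_authorization! and sketch_allowed? are hypothetical names.

```ruby
# Stand-alone model of the rule semantics; NOT the gem's implementation.
class ForbiddenException < StandardError; end

module AuthorizeSketch # hypothetical name
  def self.included(base); base.extend(ClassMethods); end

  module ClassMethods
    def authorization_rules
      @authorization_rules ||= []
    end

    # Assumed semantics: the rule applies to every action NOT listed in :when_not.
    def authorize(options = {}, &rule)
      exempt = Array(options[:when_not]).map(&:to_sym)
      authorization_rules << [exempt, rule]
    end
  end

  # Stands in for the before-filter a Rails controller would run.
  def check_authorization!(action)
    self.class.authorization_rules.each do |exempt, rule|
      next if exempt.include?(action.to_sym)
      # The block runs in the controller instance, so current_user resolves.
      raise ForbiddenException, "#{action} denied" unless instance_exec(&rule)
    end
    true
  end
end

# Constructed sample user and controller, for illustration only.
SketchUser = Struct.new(:roles) do
  def has_role?(role); roles.include?(role); end
end

class SketchVideosController
  include AuthorizeSketch
  attr_reader :current_user

  def initialize(user); @current_user = user; end

  authorize(:when_not => [:show, :index]) { current_user.has_role? :administrator }
end

# Returns true when the action passes every rule, false when it is forbidden.
def sketch_allowed?(user, action)
  SketchVideosController.new(user).check_authorization!(action)
rescue ForbiddenException
  false
end
```

Under these assumptions, an action that is absent from the :when_not list, including one added to the controller later, is checked by default.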

Installation

As a gem:

Add this line to your environment.rb:


 config.gem "authorize_when"

and then do


  rake gems:install

or just


  gem install authorize_when

As a plugin


  script/plugin install git://github.com/mcasimir/authorize_when.git

Project Details

Roadmap

  • Add a forbid instance method that raises ForbiddenException
  • Add an “authorize with schema” feature that allows authorization rules to be grouped and reused
  • Provide a customizable default way to recover from ForbiddenException, e.g. redirect to /404
  • Rescue every exception raised in the authorize block and re-raise it as a new ForbiddenException

Copyright

Copyright © 2010 Maurizio Casimirri, released under the LGPL license.