Denied
A Rails controller extension that lets you restrict access to your controller actions.
Installation
gem 'denied'
Compatibility
Works with Rails 3 and 4 and all versions of Ruby 2.
Usage
```ruby
class GoodiesController < ApplicationController
  restrict :take
  restrict :delete, allow_if: :goodie_manager?

  def take
    # Grab a goodie
  end

  def delete
    # Remove all the goodies
  end

  private

  def goodie_manager?
    # Your domain implementation
  end
end
```
What that does:
1. Any anonymous access to either method will raise Denied::LoginRequired
2. If a current_user exists, access to take is allowed
3. If a current_user exists but goodie_manager? returns false, then Denied::AccessDenied will be raised
4. If a current_user exists and goodie_manager? is true, access is allowed
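The four rules above as a plain-Ruby model, added here as an example and not taken from the gem's source. DeniedModel, check_access!, GoodiesModel, User and outcome are hypothetical names, and no Rails is involved.

```ruby
# Plain-Ruby model of the four rules above; NOT the gem's source (all names constructed).
module DeniedModel
  class LoginRequired < StandardError; end
  class AccessDenied < StandardError; end

  def self.included(base); base.extend(ClassMethods); end

  module ClassMethods
    # action => predicate method name (nil: any logged-in user may call it)
    def restrictions; @restrictions ||= {}; end

    def restrict(action, allow_if: nil)
      restrictions[action.to_sym] = allow_if
    end
  end

  # Raises unless current_user may run the action; returns true otherwise.
  def check_access!(action)
    rules = self.class.restrictions
    return true unless rules.key?(action) # action was never restricted
    raise LoginRequired, "login required for #{action}" if current_user.nil?
    predicate = rules[action]
    # send reaches private predicates; a nil or false result denies.
    return true if predicate.nil? || send(predicate)
    raise AccessDenied, "#{action} denied"
  end
end

User = Struct.new(:name, :manager) # constructed sample user type

class GoodiesModel
  include DeniedModel
  restrict :take
  restrict :delete, allow_if: :goodie_manager?
  attr_reader :current_user

  def initialize(current_user); @current_user = current_user; end

  private
  def goodie_manager?; current_user.manager; end
end

# Maps a user/action pair to :allowed, :login_required or :access_denied.
def outcome(user, action)
  GoodiesModel.new(user).check_access!(action)
  :allowed
rescue DeniedModel::LoginRequired
  :login_required
rescue DeniedModel::AccessDenied
  :access_denied
end
```

In this model the login check runs before the allow_if predicate, so goodie_manager? can rely on current_user being set. Actions never passed to restrict are not checked at all.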
Todos/Ideas
- make current_user configurable
Contributing
You know how this works and bonus points for feature branches!