Denied
A Rails controller extension that lets you restrict access to your controller actions.
Installation
gem 'denied'
Compatibility
Works with Rails 3 and 4 and every version of Ruby 2.
Usage
class GoodiesController < ApplicationController
  restrict :take
  restrict :delete, allow_if: :goodie_manager?

  def take
    # Grab a goodie
  end

  def delete
    # Remove all the goodies
  end

  private

  def goodie_manager?
    # Your domain implementation
  end
end
What that does:
- Any anonymous access to either method will raise Denied::LoginRequired
- If a current_user exists, access to take is allowed
- If a current_user exists but goodie_manager? returns false, then Denied::AccessDenied will be raised
- If a current_user exists and goodie_manager? is true, access is allowed
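The cases listed above, worked through as an added example in plain Ruby; this is a constructed model, not the gem's own code, and it needs neither Rails nor the gem. `ModelController`, `GoodiesModel`, `dispatch`, `status_for`, the hash-shaped user and the 401/403 mapping are all assumptions made for illustration.

```ruby
LoginRequired = Class.new(StandardError) # stands in for Denied::LoginRequired
AccessDenied  = Class.new(StandardError) # stands in for Denied::AccessDenied

class ModelController # hypothetical stand-in for a Rails controller
  attr_reader :current_user

  def self.restrictions
    @restrictions ||= {}
  end

  def self.restrict(action, allow_if: nil)
    restrictions[action] = allow_if
  end

  def initialize(user)
    @current_user = user
  end

  # Login check first, then the allow_if predicate, then the action itself.
  def dispatch(action)
    rules = self.class.restrictions
    if rules.key?(action)
      raise LoginRequired unless current_user
      raise AccessDenied if rules[action] && !send(rules[action])
    end
    public_send(action)
  end
end

class GoodiesModel < ModelController
  restrict :take
  restrict :delete, allow_if: :goodie_manager?

  def take;   :took;    end
  def delete; :deleted; end

  private

  def goodie_manager?
    current_user[:manager] # constructed sample rule
  end
end

# Status an error handler would typically render per outcome (assumed mapping).
def status_for(user, action)
  GoodiesModel.new(user).dispatch(action)
  200
rescue LoginRequired
  401
rescue AccessDenied
  403
end
```

Keeping the two exceptions distinct lets an application answer "not logged in" differently from "logged in but not allowed".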
Todos/Ideas
- make current_user configurable
Contributing
You know how this works and bonus points for feature branches!