Denied

A Rails controller extension that lets you restrict access to your controller actions.


Installation

gem 'denied'

Compatibility

Works with Rails 3 and 4 and every version of Ruby 2.

Usage

class GoodiesController < ApplicationController
  restrict :take
  restrict :delete, allow_if: :goodie_manager?

  def take
    # Grab a goodie
  end

  def delete
    # Remove all the goodies
  end

  private

  def goodie_manager?
    # Your domain implementation
  end
end

What that does:

  1. Anonymous access to either action raises Denied::LoginRequired
  2. If a current_user exists, access to take is allowed
  3. If a current_user exists but goodie_manager? returns false, access to delete raises Denied::AccessDenied
  4. If a current_user exists and goodie_manager? returns true, access to delete is allowed
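
The four rules above, modelled in plain Ruby so each outcome can be checked without Rails. This is an added example, not the gem's source: DeniedModel, GoodiesModel, dispatch and status_for are hypothetical names, and the 401/403 mapping is an assumption about how an application would handle the two exceptions.

```ruby
# Plain-Ruby model of the four rules above; not the gem's source.
# DeniedModel, GoodiesModel, dispatch and status_for are hypothetical names.
module DeniedModel
  class LoginRequired < StandardError; end
  class AccessDenied < StandardError; end
  def self.included(base); base.extend(ClassMethods); end

  module ClassMethods
    def restrictions; @restrictions ||= {}; end
    # No allow_if: any logged-in user. With allow_if: the predicate must be truthy.
    def restrict(action, allow_if: nil)
      restrictions[action] = allow_if
    end
  end

  # Runs the checks before the action. Actions without a rule run unchecked
  # in this model (assumption; the README does not say).
  def dispatch(action)
    if self.class.restrictions.key?(action)
      raise LoginRequired unless current_user          # rule 1: login comes first
      predicate = self.class.restrictions[action]
      raise AccessDenied if predicate && !send(predicate) # rule 3
    end
    send(action)                                        # rules 2 and 4
  end
end

class GoodiesModel
  include DeniedModel
  attr_reader :current_user
  restrict :take
  restrict :delete, allow_if: :goodie_manager?

  def initialize(user); @current_user = user; end
  def take; :taken; end
  def delete; :deleted; end

  private
  def goodie_manager?; current_user[:manager]; end
end

# Status an application would typically return per outcome (assumption).
# user is a constructed sample: nil for anonymous, or a Hash with :manager.
def status_for(user, action)
  GoodiesModel.new(user).dispatch(action)
  200
rescue DeniedModel::LoginRequired
  401
rescue DeniedModel::AccessDenied
  403
end
```

The login check runs before the allow_if predicate, so goodie_manager? can rely on current_user being present.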

Todos/Ideas

  • make current_user configurable

Contributing

You know how this works, and bonus points for feature branches!