Role Up
CanCan extension that adds some real-deal syntax and file organization lovin'!
Convention
Authorization definitions with CanCan quickly become verbose in complex
applications. By breaking them up per model and being able to depend on
a few common extras, we can drastically clean up our code. Let's look at
the following directory structure...
- app/
- abilities/
+ .rb
- controllers/
- etc...
As you can see, we've added a new folder to the app/ directory in our
project. Here, we'll create an ability file for each of our models that
need it to define our authorization abilities.
Ability Files
Here's an example ability file...
# app/abilities/widget_ability.rb
class WidgetAbility < Ability
define_rules :widget do |user|
can :manage , Widget , :user_id => user.id
end
end
The define_rules method accepts a block and yields the current user.
In this block, the standard CanCan ability definitions methods apply. If
you have a set of standard authorization rules, you can reopen the
provided Ability class and define a standard_rules block. Check
it...
# app/abilities/ability.rb
class Ability
standard_rules do |user|
if user.admin?
can :manage , :all
end
end
end
Standard rules will get evaluated last, and therefore take highest priority.
Model and Controller Helpers
The standard CanCan helpers apply.
Setup
You can configure the class that RoleUp will use to authorize with in
the gem's setup block. The default is :user. You can also pass class
constants or strings as opposed to a symbol e.g.
# app/initializers/role_up.rb
RoleUp.setup do |config|
config. = :cool_user # => CoolUser
# or
config. = CoolUser # => CoolUser
# or
config. = "cool_user" # => CoolUser
# or
config. = "my_namespace/cool_user" # => MyNamspace::CoolUser
# or
config. = "MyNamespace::CoolUser" # => MyNamspace::CoolUser
end