StrongActions
Access control for rails controller/action.
Installation
Add this line to your application's Gemfile:
gem 'strong_actions'
And then execute:
$ bundle
Or install it yourself as:
$ gem install strong_actions
Usage
Configuration
Suppose method "current_user" is available for controllers and views,
and user has an attribute called admin and only admin can modify resource "users",
then prepare config/acl.yml
current_user:
users:
new: admin?
create: admin?
edit: admin?
update: admin?
destroy: admin?
In above case, when a non-admin user try to access new_user_path for example, StrongActions::ForbiddenAction will be thrown.
if all actions are restricted in the same way, you can make a definition on controller level.
current_user:
users: admin?
controller definition can be namespaced.
current_user:
admin/users: admin?
if you have multiple controllers under a namespace, namespace can be used. ending with '/' indicates that it is for namespace 'admin' and not controller 'admin'.
current_user:
admin/: admin?
Handling error in controller
In application_controller.rb, the error should be rescued like
rescue_from StrongActions::ForbiddenAction do
render file: 'public/403.html', layout: false, status: :forbidden
end
In above case, all the forbidden accesses are handled by public/403.html.
Disabling forbidden link in view
In views, use helper method "available?" so that links for forbidden actions are not shown.
<%= link_to 'Add User' new_user_path if available?('users', 'new') %>
Contributing
- Fork it ( https://github.com/hybitz/strong_actions/fork )
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Add some feature') - Push to the branch (
git push origin my-new-feature) - Create a new Pull Request