Tcs::Ldap::Permission Gem
An easy way to map LDAP groups to application roles
Installation
This supports Rails 4.2 and above.
Add this line to your application's Gemfile:
gem 'tcs-ldap-permission'
And then execute:
$ bundle
Or install it yourself as:
$ gem install tcs-ldap-permission
Usage
Add a config/ldap_perimissions.yml configuration file, e.g.
<%= Rails.env %>:
groups:
PAYROLL_LINK_KRONOS SEC:
- manage_job_codes
IS Directors:
- superuser
users:
[email protected]:
- approve_job_codes
In your User class, include the Tcs::Ldap::Permission module
class User
include Tcs::Ldap::Permission
...
Now you can check authorization in your controller
before_action :authorize!
...
def
unless current_user.can?(:manage_job_codes)
flash[:error] = I18n.t "devise.failure.unauthorized"
redirect_to(root_path)
end
end
Configuration
The config/ldap_perimissions.yml file specifies what actions are available to a group or user.
It is preferable to only use groups so that the config/ldap_perimissions.yml doesn't
need to be updated every time a person moves into or out of a role.
In situations where it doesn't make sense to create a group, you can specify individual
users by their login.
Development
After checking out the repo, run bin/setup to install dependencies.
Then, run rake test to run the tests.
You can also run bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install.
To release a new version, update the version number in version.rb, and then run bundle exec rake release,
which will create a git tag for the version, push git commits and tags,
and push the .gem file to rubygems.org.
Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/the-container-store/Tcs-Ldap-Permission-Gem.