TheRole management web interface |
---|
http://rubygems.org/gems/the_role
- I need for your feedback and issues
- How to start development process
Read How to start development process manual for running specs
Semantic - the science of meaning. Human should fast to understand what is happening in a role system.
Look at next Role hash. If you can understand access rules - this authorization system is semantically.
role = {
'pages' => {
'index' => true,
'show' => true,
'new' => false,
'edit' => false,
'update' => false,
'destroy' => false
},
'articles' => {
'index' => true,
'show' => true
},
'twitter' => {
'button' => true,
'follow' => false
}
}
Usually, we use real names of controllers and actions for names of sections and rules:
current_user.has_role?(:pages, :show)
But, also, you can use virtual names of sections, and virtual names of section's rules.
current_user.has_role?(:twitter, :button)
current_user.has_role?(:facebook, :like)
And you can use them as well as other access rules.
gem 'the_role'
bundle
Add role_id:integer field to your User Model
def self.up
create_table :users do |t|
t.string :login, :null => false
t.string :email, :default => nil
t.string :crypted_password, :default => nil
t.string :salt, :default => nil
t.integer :role_id, :default => nil
t.timestamps
end
end
rails g model role --migration=false
rake the_role_engine:install:migrations
rake db:create && rake db:migrate
rake db:roles:test
Example for Devise2
class ApplicationController < ActionController::Base
include TheRole::Requires
protect_from_forgery
def access_denied
render :text => 'access_denied: requires an role' and return
end
alias_method :login_required, :authenticate_user!
alias_method :role_access_denied, :access_denied
end
Define aliases method for correctly work TheRole's controllers
authenticate_user! or any other method from your auth system
access_denied or any other method for processing access denied situation
class PagesController < ApplicationController
# Devise2 and TheRole before_filters
before_filter :login_required, :except => [:index, :show]
before_filter :role_required, :except => [:index, :show]
before_filter :find_page, :only => [:edit, :update, :destroy]
before_filter :owner_required, :only => [:edit, :update, :destroy]
private
def find_page
@page = Page.find params[:id]
@ownership_checking_object = @page
end
end
owner_required method require @ownership_checking_object variable, with cheked object.
You should to define @ownership_checking_object before invoke of owner_required method.
<% if @user.has_role?(:twitter, :button) %>
Twitter Button is Here
<% else %>
Access Denied
<% end %>
class User
after_create :set_default_role
private
def set_default_role
self.role = Role.where(:name => :user).first
self.save
end
end
Administrator it's a user who can access any section and the rules of your application.
Administrator is the owner of any objects in your application.
Administrator it's a user, which has virtual section system and rule administrator in the role-hash.
admin_role_fragment = {
:system => {
:administrator => true
}
}
Moderator it's a user, which has access to any actions of some section(s).
Moderator is's owner of any objects of some class.
Moderator it's a user, which has a virtual section moderator, with section name as rule name.
There is Moderator of Pages (controller) and Twitter (virtual section)
moderator_role_fragment = {
:moderator => {
:pages => true,
:blogs => false,
:twitter => true
}
}
Administrator is owner of any object in system.
Moderator of pages is owner of any page.
User is owner of object, when Object#user_id == User#id.
Has a user an access to rule of section (action of controller)?
current_user.has_role?(:pages, :show) => true | false
current_user.has_role?(:blogs, :new) => true | false
current_user.has_role?(:articles, :edit) => true | false
Is it Moderator?
current_user.moderator?(:pages) => true | false
current_user.moderator?(:blogs) => true | false
current_user.moderator?(:articles) => true | false
Is it Administrator?
current_user.admin? => true | false
Is it Owner of object?
current_user.owner?(@page) => true | false
current_user.owner?(@blog) => true | false
current_user.owner?(@article) => true | false
# User's role
@role = current_user.role
# Find a Role by name
@role = Role.find_by_name(:user)
@role.has?(:pages, :show) => true | false
@role.moderator?(:pages) => true | false
@role.admin? => true | false
# Create a section of rules
@role.create_section(:pages)
# Create rule in section (false value by default)
@role.create_rule(:pages, :index)
@role.to_hash => Hash
# JSON string
@role.to_json => String
# JSON string
@role.to_s => String
# Incoming hash is true-mask-hash
# All rules of Role will be reset to false
# Only rules from true-mask-hash will be set on true
new_role_hash = {
:pages => {
:index => true,
:show => true
}
}
@role.update_role(new_role_hash)
# set this rule on true
@role.rule_on(:pages, :index)
# set this rule on false
@role.rule_off(:pages, :index)
# delete a section
@role.delete_section(:pages)
# delete rule in section
@role.delete_rule(:pages, :show)