permissify 0.0.27 → 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.rdoc +37 -90
- metadata +6 -6
data/README.rdoc
CHANGED
|
@@ -4,17 +4,31 @@ Based on/inspired by CanCan {<img src="https://secure.travis-ci.org/ryanb/cancan
|
|
|
4
4
|
|
|
5
5
|
Wiki[https://github.com/rickfix/permissify/wiki] | RDocs[http://rdoc.info/projects/rickfix/permissify]
|
|
6
6
|
|
|
7
|
-
Permissify is an authorization library for Ruby on Rails which restricts what resources a given model (i.e. user) is,
|
|
7
|
+
Permissify is an authorization library for Ruby on Rails which restricts what resources a given model (i.e. user) is,
|
|
8
|
+
or combination of models (user and merchant) are, allowed to access.
|
|
8
9
|
|
|
9
10
|
Abilities are defined in a single location (the +Ability+ class).
|
|
10
11
|
|
|
11
|
-
If you wish to permissify users with a set of roles
|
|
12
|
+
If you wish to permissify users with a set of roles,
|
|
13
|
+
you 'permissify' the roles class and you specify
|
|
14
|
+
(through seeds, administration or some other mechanism) each role's permissions for each ability.
|
|
12
15
|
|
|
13
16
|
Permissify expects a user to have many and belong to roles.
|
|
14
|
-
The following interfaces must be supported...
|
|
15
17
|
|
|
18
|
+
In the system which this gem was extracted,
|
|
19
|
+
users where assigned many roles and
|
|
20
|
+
businesses where are assigned many products (or, more accurately, product bundles),
|
|
21
|
+
a dealer--corporation--brand--merchant hierarchy and a hierarchical product inheritance scheme existed.
|
|
22
|
+
|
|
23
|
+
In views, access to ability-restricted navigation was typically affected by checking,
|
|
24
|
+
(example is for merchant user admin) 'allowed_to?(:view, :merchant_user_admin)'.
|
|
25
|
+
|
|
26
|
+
Under the hood, at least one of the user's roles must have permission to view merchant user admin AND at least one of the merchant's products must also have permission to view merchant user admin.
|
|
27
|
+
|
|
28
|
+
Remember those Venn diagrams from 4th grade?
|
|
29
|
+
Permissify is performing unions and intersections for you.
|
|
30
|
+
It also allows you to specify if a particular ability is only governed by a single model (just role, just product or both role and product).
|
|
16
31
|
|
|
17
|
-
In the system which this gem was extracted, users where assigned many roles and businesses where are assigned many products (or, more accurately, product bundles). In views, access to ability-restricted navigation was typically affected by checking, (example is for merchant user admin) 'allowed_to?(:view, :merchant_user_admin)'. Under the hood, at least one of the user's roles must have permission to view merchant user admin AND at least one of the merchant's products must also have permission to view merchant user admin. Remember those Venn diagrams from 4th grade? Permissify is performing unions and intersections for you. It also allows you to specify if a particular abiltiy is only governed by a single model (role or product or ...).
|
|
18
32
|
|
|
19
33
|
|
|
20
34
|
== Installation
|
|
@@ -23,112 +37,45 @@ In <b>Rails 3</b>, add this to your Gemfile and run the +bundle+ command.
|
|
|
23
37
|
|
|
24
38
|
gem "permissify"
|
|
25
39
|
|
|
26
|
-
In <b>Rails 2</b>, add this to your environment.rb file.
|
|
27
|
-
|
|
28
|
-
config.gem "permissify"
|
|
29
|
-
|
|
30
40
|
|
|
31
41
|
== Getting Started
|
|
32
42
|
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
=== 1. Define Abilities
|
|
37
|
-
|
|
38
|
-
User permissions are defined in an +Ability+ class. Permissify x.y includes a Rails 3 generator for creating this class.
|
|
39
|
-
|
|
40
|
-
rails g permissify:ability
|
|
41
|
-
|
|
42
|
-
In Rails 2.3, just add a new class in `app/models/ability.rb` with the folowing contents:
|
|
43
|
-
|
|
44
|
-
class Ability
|
|
45
|
-
include Permissify::Ability
|
|
46
|
-
|
|
47
|
-
def initialize(user)
|
|
48
|
-
end
|
|
49
|
-
end
|
|
50
|
-
|
|
51
|
-
See {Defining Abilities}[https://github.com/rickfix/permissify/wiki/defining-abilities] for details.
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
=== 2. Check Abilities & Authorization
|
|
55
|
-
|
|
56
|
-
The current user's permissions can then be checked using the <tt>can?</tt> and <tt>cannot?</tt> methods in the view and controller.
|
|
57
|
-
|
|
58
|
-
<% if can? :update, @article %>
|
|
59
|
-
<%= link_to "Edit", edit_article_path(@article) %>
|
|
60
|
-
<% end %>
|
|
43
|
+
Use the following to get started:
|
|
61
44
|
|
|
62
|
-
|
|
45
|
+
The {permissify_example application}[https://github.com/rickfix/permissify_example]
|
|
63
46
|
|
|
64
|
-
The
|
|
47
|
+
{The Usage WIKI}[https://github.com/rickfix/permissify/wiki/Usage]
|
|
65
48
|
|
|
66
|
-
def show
|
|
67
|
-
@article = Article.find(params[:id])
|
|
68
|
-
authorize! :read, @article
|
|
69
|
-
end
|
|
70
49
|
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
class ArticlesController < ApplicationController
|
|
74
|
-
load_and_authorize_resource
|
|
75
|
-
|
|
76
|
-
def show
|
|
77
|
-
# @article is already loaded and authorized
|
|
78
|
-
end
|
|
79
|
-
end
|
|
80
|
-
|
|
81
|
-
See {Authorizing Controller Actions}[https://github.com/rickfix/permissify/wiki/authorizing-controller-actions] for more information.
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
=== 3. Handle Unauthorized Access
|
|
85
|
-
|
|
86
|
-
If the user authorization fails, a <tt>Permissify::AccessDenied</tt> exception will be raised. You can catch this and modify its behavior in the +ApplicationController+.
|
|
87
|
-
|
|
88
|
-
class ApplicationController < ActionController::Base
|
|
89
|
-
rescue_from Permissify::AccessDenied do |exception|
|
|
90
|
-
redirect_to root_url, :alert => exception.message
|
|
91
|
-
end
|
|
92
|
-
end
|
|
93
|
-
|
|
94
|
-
See {Exception Handling}[https://github.com/rickfix/permissify/wiki/exception-handling] for more information.
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
=== 4. Lock It Down
|
|
98
|
-
|
|
99
|
-
If you want to ensure authorization happens on every action in your application, add +check_authorization+ to your ApplicationController.
|
|
100
|
-
|
|
101
|
-
class ApplicationController < ActionController::Base
|
|
102
|
-
check_authorization
|
|
103
|
-
end
|
|
50
|
+
== Wiki Docs
|
|
104
51
|
|
|
105
|
-
|
|
52
|
+
* {Home}[https://github.com/rickfix/permissify/wiki]
|
|
53
|
+
* {Lineage}[https://github.com/rickfix/permissify/wiki/Lineage]
|
|
54
|
+
* {Usage}[https://github.com/rickfix/permissify/wiki/Usage]
|
|
106
55
|
|
|
107
56
|
|
|
108
|
-
==
|
|
57
|
+
== Project Status
|
|
109
58
|
|
|
110
|
-
|
|
111
|
-
* {Defining Abilities}[https://github.com/rickfix/permissify/wiki/Defining-Abilities]
|
|
112
|
-
* {Checking Abilities}[https://github.com/rickfix/permissify/wiki/Checking-Abilities]
|
|
113
|
-
* {Authorizing Controller Actions}[https://github.com/rickfix/permissify/wiki/Authorizing-Controller-Actions]
|
|
114
|
-
* {Exception Handling}[https://github.com/rickfix/permissify/wiki/Exception-Handling]
|
|
115
|
-
* {Changing Defaults}[https://github.com/rickfix/permissify/wiki/Changing-Defaults]
|
|
116
|
-
* {See more}[https://github.com/rickfix/permissify/wiki]
|
|
59
|
+
Infancy?
|
|
117
60
|
|
|
61
|
+
Extracted from non-gem implementation of in-production {ProfitSteams}[http://profitstreams.com] system.
|
|
118
62
|
|
|
119
|
-
|
|
63
|
+
Implemented sample application.
|
|
120
64
|
|
|
121
|
-
|
|
65
|
+
Motivated (cycles permitting) to facilitate/accommodate the next permissified application.
|
|
122
66
|
|
|
123
67
|
|
|
124
68
|
== Questions or Problems?
|
|
125
69
|
|
|
126
|
-
If you have any issues with Permissify which you cannot find the solution to in the documentation[https://github.com/rickfix/permissify/wiki],
|
|
70
|
+
If you have any issues with Permissify which you cannot find the solution to in the documentation[https://github.com/rickfix/permissify/wiki],
|
|
71
|
+
please add an {issue on GitHub}[https://github.com/rickfix/permissify/issues]
|
|
72
|
+
or fork the project and send a pull request.
|
|
127
73
|
|
|
128
|
-
|
|
74
|
+
If I have time, I'll try to help.
|
|
129
75
|
|
|
130
76
|
|
|
131
|
-
==
|
|
77
|
+
== Attributions
|
|
132
78
|
|
|
133
|
-
|
|
79
|
+
{cancan}[https://github.com/ryanb/cancan] : our team's starting point in our authorization odyssey.
|
|
134
80
|
|
|
81
|
+
Conceptual articulation by Yaw Nyarko and Eric Rapp.
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: permissify
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 27
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
|
+
- 1
|
|
8
9
|
- 0
|
|
9
|
-
|
|
10
|
-
version: 0.0.27
|
|
10
|
+
version: 0.1.0
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Frederick Fix
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2012-07-
|
|
18
|
+
date: 2012-07-24 00:00:00 Z
|
|
19
19
|
dependencies:
|
|
20
20
|
- !ruby/object:Gem::Dependency
|
|
21
21
|
name: rspec
|
|
@@ -48,7 +48,7 @@ dependencies:
|
|
|
48
48
|
version: "3.2"
|
|
49
49
|
type: :development
|
|
50
50
|
version_requirements: *id002
|
|
51
|
-
description:
|
|
51
|
+
description: An(other) Rails authorization solution which allows an app to aggregate and arbitrate authorization for permissions from multiple roles and multiple products (permissifed models).
|
|
52
52
|
email: rickfix80004@gmail.com
|
|
53
53
|
executables: []
|
|
54
54
|
|
|
@@ -165,6 +165,6 @@ rubyforge_project: permissify
|
|
|
165
165
|
rubygems_version: 1.8.24
|
|
166
166
|
signing_key:
|
|
167
167
|
specification_version: 3
|
|
168
|
-
summary:
|
|
168
|
+
summary: Multi-dimensional authorization solution for Rails.
|
|
169
169
|
test_files: []
|
|
170
170
|
|