RubyGems - role_based_authorization - Versions diffs - 0.1.0 - Mend

role_based_authorization 0.1.0

Files changed (13) hide show

data/.gitignore +2 -0
data/MIT-LICENSE +20 -0
data/README +150 -0
data/Rakefile +40 -0
data/VERSION +1 -0
data/lib/role_based_authorization.rb +2 -0
data/lib/role_based_authorization/authorization_logger.rb +7 -0
data/lib/role_based_authorization/role_based_authorization.rb +215 -0
data/rails/init.rb +2 -0
data/role_based_authorization.gemspec +52 -0
data/test/role_based_authorization_test.rb +86 -0
data/test/test_helper.rb +9 -0
metadata +67 -0

data/.gitignore ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ pkg
2	+ rdoc

data/MIT-LICENSE ADDED Viewed

@@ -0,0 +1,20 @@
+Copyright (c) 2010 [name of plugin creator]
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README ADDED Viewed

@@ -0,0 +1,150 @@
+= RoleBasedAuthorization
+This plugin provide a very simple authorization system. It should work fine with
+most of the authentication plugins (and gems) out there, even though little testing
+has been done in this regard. There are a lot of similar plugin/gems and probably
+this is not better than any others (see for instance the)
+Installation:
+* install the plugin using:
+		---
+		---
+* in your application controller: include the module RoleBasedAuthorization:
+	class ApplicationController < ActionController::Base
+	  [...]
+	  include RoleBasedAuthorization
+	  [...]
+	end
+* in your controller classes: use the permission statements (described below) to grant and deny authorizations to the controller methods.
+The inclusion of RoleBasedAuthorization serves three purposes: it allows subclasses of the application controller to use the 'permit' method during their definition, it and provides an "authorized?" method that implements the authorization logic, and it creates an helper method to be used in views.
+== Requirements
+The plugin poses few and very reasonable constraints on your application. Namely, it requires:
+* that your controllers provide a 'current_user' method
+* that the user object (returned by the 'current_user' method)  implements the following two methods:
+  * role: returning the role of the current user; roles can be anything (I personally use integers). This is usually implemented by adding a 'role' column to your model.
+  * description: used for logging purposes
+== Permission statements
+You can specify your authorization logic by adding a number of 'permit' calls to your controllers. Permissions granted in a controller apply to all its subclasses. Since usually all controllers inherit from the application controller, this allows one to authorize all actions for the 'admin' role by telling it so in the application controller.
+An important thing to keep in mind is that the plugin assumes that EVERYTHING IS FORBIDDEN unless otherwise specified. Then, if you do not specify any permission rule, you will end up with a very secure (though useless) application.
+The permission statement takes the form:
+	permit 	:actions => [list of actions],
+			:to  => [list of roles],
+			:if  => lambda_expression,
+			:object_id => object_id_symbol
+you can add any number of these in anyone of your controller.
+permit options:
+<b>:to</b>::
+	the list of roles interested by this rule. The actual contents of this list depends on what your application defines to be a role. If you use integers, it could be a vector like [1,4] or as [ROOT, ADMIN], where ROOT and ADMIN are symbolic costants containing the corresponding integer values. You can specify all roles by specifying :all in place of the role list.
+<b>:actions</b>::
+	the list of actions that are permitted to the mentioned roles. Actions are actual method names of the current controller and can be given as symbols or as strings. For instance ['index', 'show'] is equivalent to [:index, :show]. You can grant access to all actions by specifying :all instead of the action list.
+<b>:if</b>::
+	a lambda expression that verifies additional conditions. The lambda expression takes two arguments: the current user and the id of an object. For instance you may want to verify that "normal" users could only modify objects that they own. You can say that by specifying:
+		permit :actions => [:edit, :update],
+			:to => [NORMAL],
+			:if => lambda { |user, obj_id| TheObject.find(obj_id).owner == user }
+<b>:object_id</b>::
+	normally the object id passed to the lambda expression of the :if option is retrieved from the params hash using :id (i.e. normally obj_id = params[:id]), you can specify other identifiers using this option, e.g.:
+		:object_id => :product_id
+	specifies that :product_id should be used instead of :id.
+== authorized?
+The plugin adds an authorized? method to your application controller. The method returns false if one of the following conditions occur:
+* your controller defines a logged_in? method and the method returns false
+* no permit rule matches the current settings
+== authorize_action?
+This is a more general version of :authorized?. The difference between the two is that authorized? uses the current environment (action called, controller name, etc.) to decide whether the current action is to be authorized, authorize_action? instead gets an hash of options containing an action name, a controller name, and some other optional parameters and returns if the specified action on the given controller is authorized for the current user (or for the user specified in the option hash).
+== if_authorized? helper method
+It often happens that parts of a view is to be displayed only if a given action is authorized. This clutters your view with code like:
+	if authorize_action?(:controller => xxx, :action => yyy) .... link_to 'zzz', :controller => xxx, :action => yyy end
+clearly there is a lot of duplication in this code. if_authorized? takes the same parameters as authorize_action? and a block. The block is called only if authorize_action? returns true and the parameters are passed to the block. This allows to clean up your view as follows:
+	if_authorized?(:controller => xxx, :action => yyy) do |opts|
+		...
+		link_to 'zzz', opts
+	end
+This works also if you use resource paths as in:
+	if_authorized?( edit_product_path ) do |opts|
+		link_to 'zzz', opts
+	end
+== Logging
+The authorization system logs each access attempt to RAILS_ROOT/log/authorization.log. If the log level is high enough, you will also view an explanation of what is happening and why.
+== Examples
+I usually add a Roles class to my project (I place it in the model directory even though it is not connected to any db table). It's definition is:
+	class Role
+	  # define below valid roles for your application
+	  ROLES = { :user => 1, :administrator => 2, :root => 3 }
+	  # call this function in your permit actions
+	  def Role.[](role)
+	    role = ROLES[role]
+	    raise "given role '#{role}' is not valid" if role.nil?
+	    return role
+	  end
+	end
+This allows me to write Role[:root] to specify the root role.
+Example 1: Grant all powers to the root role (this rule is usually found in your application controller)
+	permit :actions => :all, :to => Role[:root]
+Example 2: Grant view actions to normal users, edit actions to administrators
+	permit :actions => [:index, :show],
+		   :to => Role[:user]
+	permit :actions => [:edit, :update, :destroy],
+		   :to => Role[:admin]
+Example 3: Adding a rule to allow users to edit their own data (let us assume that the controller manages objects of type Product):
+	permit :actions => [:edit, :update],
+		   :to => Role[:user].
+		   :if => lambda { |user, obj_id| Product.find(obj_id).owner == user }
+Example 4: Let us assume that the current controller does not manage products, but that you want to check for the product owner anyway. In this case, the product id will not be passed as the :id object into your params hash and the above rule will fail. Amend this problem by telling the permit action how to retrieve the correct id:
+	permit :actions => [:edit, :update],
+		   :to => Role[:user].
+		   :if => lambda { |user, obj_id| Product.find(obj_id).owner == user },
+		   :object_id => :product_id
+Copyright (c) 2010 Roberto Esposito, released under the MIT license

data/Rakefile ADDED Viewed

@@ -0,0 +1,40 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+desc 'Default: run unit tests.'
+task :default => :test
+desc 'Test the role_based_authorization plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+desc 'Generate documentation for the role_based_authorization plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'RoleBasedAuthorization'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name = "role_based_authorization"
+    gemspec.summary = "Basic authorization module for rails"
+    gemspec.description = "Provides a simple DSL for specifying the authorization logic" +
+                          " of your application. Install the gem, add a role attribute" +
+                          " to your user model and your almost ready to go."
+    gemspec.email = "boborbt@gmail.com"
+    gemspec.homepage = "http://github.com/boborbt/role_based_authorization"
+    gemspec.authors = ["Roberto Esposito"]
+  end
+rescue LoadError
+  puts "Jeweler not available. Install it with: gem install jeweler"
+end

data/VERSION ADDED Viewed

	@@ -0,0 +1 @@
1	+ 0.1.0

data/lib/role_based_authorization.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ require 'role_based_authorization/authorization_logger.rb'
2	+ require 'role_based_authorization/role_based_authorization.rb'

data/lib/role_based_authorization/authorization_logger.rb ADDED Viewed

@@ -0,0 +1,7 @@
+class AuthorizationLogger < Logger
+  AUTHORIZATION_SYSTEM_LOG_MSG_PREFIX = 'Auth |'
+  def format_message(severity, timestamp, progname, msg)
+      "#{AUTHORIZATION_SYSTEM_LOG_MSG_PREFIX} #{timestamp.to_formatted_s(:db)} #{severity} #{msg}\n"
+  end
+end

data/lib/role_based_authorization/role_based_authorization.rb ADDED Viewed

@@ -0,0 +1,215 @@
+module RoleBasedAuthorization
+  # AuthorizationLogger instance that is used throughout the plugin for logging
+  # events.
+  AUTHORIZATION_LOGGER = AuthorizationLogger.new(File.join(RAILS_ROOT,'log','authorization.log'))
+  module ClassMethods; end
+  # Fires when the module is included into the controllers. It adds all class methods
+  # defined in the ClassMethods sub-module and the authorize_action? and if_authorized?
+  # instance methods.
+  def self.included(klass)
+   klass.extend(ClassMethods)
+   klass.class_eval do
+     helper_method :authorize_action?
+     helper_method :if_authorized?
+   end
+  end
+  # Defines the class methods that are to be added to the application controller
+  module ClassMethods
+    # Returns the set of rules defined on this controller
+    def role_auth_rules
+      @@rules||={}
+      @@rules
+    end
+    # Defines the DSL for the authorization system. The syntax is:
+    #   permit  :actions => [list of actions],
+    #       :to  => [list of roles],
+    #       :if  => lambda_expression,
+    #       :object_id => object_id_symbol
+    #
+    # you can add any number of these in anyone of your controller.
+    #
+    # options:
+    #
+    # <b>:to</b>::
+    #   the list of roles interested by this rule. The actual contents of this list depends on what your application defines to be a role. If you use integers, it could be a vector like [1,4] or as [ROOT, ADMIN], where ROOT and ADMIN are symbolic costants containing the corresponding integer values. You can specify all roles by specifying :all in place of the role list.
+    #
+    # <b>:actions</b>::
+    #   the list of actions that are permitted to the mentioned roles. Actions are actual method names of the current controller and can be given as symbols or as strings. For instance ['index', 'show'] is equivalent to [:index, :show]. You can grant access to all actions by specifying :all instead of the action list.
+    #
+    # <b>:if</b>::
+    #   a lambda expression that verifies additional conditions. The lambda expression takes two arguments: the current user and the id of an object. For instance you may want to verify that "normal" users could only modify objects that they own. You can say that by specifying:
+    #     permit :actions => [:edit, :update],
+    #       :to => [NORMAL],
+    #       :if => lambda { |user, obj_id| TheObject.find(obj_id).owner == user }
+    #
+    # <b>:object_id</b>::
+    #   normally the object id passed to the lambda expression of the :if option is retrieved from the params hash using :id (i.e. normally obj_id = params[:id]), you can specify other identifiers using this option, e.g.:
+    #     :object_id => :product_id
+    #   specifies that :product_id should be used instead of :id.
+    def permit options
+      options[:controller] ||= controller_name
+      controller = options[:controller]
+      role_auth_rules[controller] ||= {}
+      if options[:actions] == :all
+        role_auth_rules[controller][:all] ||= []
+        role_auth_rules[controller][:all] << RoleBasedAuthorization::Rule.new(options[:to], options[:if], options[:object_id])
+        return
+      end
+      options[:actions].each do |action|
+        action = action.to_s  # this allows for both symbols and strings to be used for action names
+        role_auth_rules[controller][action] ||= []
+        role_auth_rules[controller][action] << RoleBasedAuthorization::Rule.new(options[:to], options[:if], options[:object_id])
+      end
+    end
+  end
+  # Model an authorization rule. A rule is a triplet: <roles, cond, object_id>
+  # a rule match if the user role is in roles and cond (if not nil) is satisfied when objects
+  # are retrieved using object_id.
+  class Rule
+    # rule initialization. roles is mandatory, cond is optional, object_id defaults
+    # to :id if nil.
+    def initialize roles, cond, object_id
+      roles = [roles] unless roles.respond_to? :each
+      @roles = roles
+      @cond = cond
+      @object_id = object_id || :id
+    end
+    # return true if this rule matches the given user and objects
+    def match(user, objects)
+      AUTHORIZATION_LOGGER.debug('trying '+self.inspect)
+      matching = @roles.include?(:all)
+      # checking for right role (no need to check them if already matching)
+      matching = !@roles.find { |role| role == user.role }.nil? if !matching
+      if @cond.nil?
+        return matching
+      else
+        # to have a proper match, also the condition must hold
+        return matching && @cond.call(user,objects[@object_id])
+      end
+    end
+    # string representation for this rule
+    def inspect
+      str =  "rule(#{self.object_id}): allow roles [" + @roles.join(',') + "]"
+      str += " (only under condition object_id will be retrieved using '#{@object_id}')" if @cond
+      str
+    end
+  end
+  # Main authorization logic. opts is an hash with the following keys
+  # :user, :controller, :action:: self explanatory
+  # :ids:: id to be used to retrieve relevant objects
+  def authorize_action? opts = {}
+    if defined?(logged_in?) && !logged_in?
+      AUTHORIZATION_LOGGER.info("returning false (not logged in)")
+      return false
+    end
+    opts[:ids] ||= {}
+    opts[:ids].reverse_merge!( opts.reject { |k,v| k.to_s !~ /(_id\Z)|(\Aid\Z)/ } )
+    if opts[:user].nil? && defined?(current_user)
+      opts[:user] = current_user
+    end
+    if opts[:controller].nil? && defined?(controller_name)
+      opts[:controller] = controller_name
+    end
+    AUTHORIZATION_LOGGER.info("user %s requested access to method %s:%s using ids:%s" %
+        [ opts[:user] && opts[:user].description + "(id:#{opts[:user].id} role:#{opts[:user].role})" || 'none',
+          opts[:controller],
+          opts[:action],
+          opts[:ids].inspect])
+    rules = self.class.role_auth_rules
+    AUTHORIZATION_LOGGER.debug("current set of rules: %s" % [rules.inspect])
+    ([opts[:controller]] | ['application']).each do |controller|
+      if( !controller.blank? && rules[controller].nil? )
+        # tries to load the controller. Rails automagically loads classes if their name
+        # is used anywhere. By trying to constantize the name of the controller, we
+        # force rails to load it.
+        controller_klass = (controller.to_s+'_controller').camelize.constantize
+      end
+      AUTHORIZATION_LOGGER.debug("current controller: %s" % [controller])
+      [:all, opts[:action]].each do |action|
+        AUTHORIZATION_LOGGER.debug('current action: %s' % [action])
+        raise "Action should be a string -- not a #{action.class.name}!" if action!=:all && action.class!=String
+        next if rules[controller].nil? || rules[controller][action].nil?
+        if rules[controller][action].find { |rule| rule.match(opts[:user], opts[:ids]) }
+          AUTHORIZATION_LOGGER.info('returning true (access granted)')
+          return true
+        end
+      end
+    end
+    AUTHORIZATION_LOGGER.info('returning false (access denied)')
+    return false
+  end
+  # This is a helper method that provides a conditional execution syntax for
+  # a block of code. It is mainly useful because in most cases the same options
+  # that are needed for the authorization are also needed for url generation.
+  # Since this method forward those options to the block, it allows to write
+  # something like:
+  #   if_authorized? {:controller => xxx, :action => yyy} {|opts| link_to('yyy', opts) }
+  # instead of:
+  #   if authorized_action? {:controller => xxx, :action => yyy}
+  #     link_to 'yyy', {:controller => xxx, :action => yyy}
+  #   end
+  #
+  # As an additional benefit, this method also accepts urls instead of parameter
+  # hashes. e.g.
+  #   if_authorized?( '/xxx/yyy' ) { |opts| link_to('yyy', opts) }
+  # this comes particularly handy when you use resource based url generation
+  # as in the case:
+  #   if_authorized?( edit_item_path ) { |opts| link_to('yyy', opts) }
+  def if_authorized? opts, &block
+    url_options = nil
+    if opts.class == String
+      path = opts
+      url_options = ActionController::Routing::Routes.recognize_path(path)
+    else
+      url_options = opts.dup
+    end
+    if authorize_action? url_options
+      block.call(opts)
+    end
+  end
+  # Returns true if the current user is authorized to perform the current action
+  # on the current controller. It is mainly used in a before_filter (usually
+  # the method implementing the authentication logic calls this method immediately
+  # after checking the validity of the credentials.)
+  def authorized?
+    authorize_action?     :controller => controller_name,
+                          :action => action_name,
+                          :ids => params.reject { |k,v| k.to_s !~ /(_id\Z)|(\Aid\Z)/ },
+                          :user => current_user
+  end
+end

data/rails/init.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ # Include hook code here
2	+ require 'role_based_authorization'

data/role_based_authorization.gemspec ADDED Viewed

@@ -0,0 +1,52 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+Gem::Specification.new do |s|
+  s.name = %q{role_based_authorization}
+  s.version = "0.1.0"
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Roberto Esposito"]
+  s.date = %q{2010-02-16}
+  s.description = %q{Provides a simple DSL for specifying the authorization logic of your application. Install the gem, add a role attribute to your user model and your almost ready to go.}
+  s.email = %q{boborbt@gmail.com}
+  s.extra_rdoc_files = [
+    "README"
+  ]
+  s.files = [
+    ".gitignore",
+     "MIT-LICENSE",
+     "README",
+     "Rakefile",
+     "VERSION",
+     "lib/role_based_authorization.rb",
+     "lib/role_based_authorization/authorization_logger.rb",
+     "lib/role_based_authorization/role_based_authorization.rb",
+     "rails/init.rb",
+     "role_based_authorization.gemspec",
+     "test/role_based_authorization_test.rb",
+     "test/test_helper.rb"
+  ]
+  s.homepage = %q{http://github.com/boborbt/role_based_authorization}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.5}
+  s.summary = %q{Basic authorization module for rails}
+  s.test_files = [
+    "test/role_based_authorization_test.rb",
+     "test/test_helper.rb"
+  ]
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+    else
+    end
+  else
+  end
+end

data/test/role_based_authorization_test.rb ADDED Viewed

@@ -0,0 +1,86 @@
+require 'test_helper'
+require 'role_based_authorization'
+class DummyUser
+  def id()                  return (@id || 1) end
+  def id=(new_id)           @id = new_id end
+  def login()               return 'test'  end
+  def role()                return  @role end
+  def role=(new_role)       @role = new_role end
+  def description()         return "user" end
+end
+class DummyController < ActionController::Base
+  include RoleBasedAuthorization
+  def initialize()          return @user = DummyUser.new end
+  def logged_in?()          return true end
+  def current_user()        return @user end
+  def current_user=(user)   @user = user end
+  permit  :actions => 'very_low_security',
+          :to => :all
+  permit :actions => 'high_security',
+         :to => 3
+  permit :actions => 'medium_security',
+         :to => [2,3]
+  permit :actions => 'low_security_with_param',
+         :to => :all,
+         :if => lambda { |user, object|
+           # to simplify things we directly compare object with a string
+           # in real life, we probably want to retrieve the object value
+           # using the provided object. e.g.
+           #    Product.find(object).user == user
+           object == 'object_id'
+        }
+  permit :actions => 'low_security_with_param_identified_by_other_id',
+         :to => :all,
+         :if => lambda { |user, object| object == 'object_id' },
+         :object_id => :other_id
+end
+class RoleBasedAuthorizationTest < ActiveSupport::TestCase
+  def setup
+    @controller = DummyController.new
+  end
+  test "Should permit action very_low_security to everyone" do
+    assert_equal true, @controller.authorize_action?(:action => 'very_low_security')
+  end
+  test "Should permit action high_security only to root (role 3)" do
+    assert_equal false, @controller.authorize_action?(:action => 'high_security')
+    @controller.current_user.role=3
+    assert_equal true, @controller.authorize_action?(:action => 'high_security')
+  end
+  test "Should permit action medium_security only to roles 2 and 3" do
+    assert_equal false, @controller.authorize_action?(:action => 'medium_security')
+    @controller.current_user.role=2
+    assert_equal true, @controller.authorize_action?(:action => 'medium_security')
+    @controller.current_user.role=3
+    assert_equal true, @controller.authorize_action?(:action => 'medium_security')
+  end
+  test "Should permit action low_security_with_param only if the runtime check holds" do
+    assert_equal false, @controller.authorize_action?(:action => 'low_security_with_param')
+    assert_equal true, @controller.authorize_action?(:action => 'low_security_with_param',
+                                                     :id => 'object_id')
+  end
+  test "Should permit action low_security_with_param_identified_by_other_id only if the runtime check holds" do
+    assert_equal false, @controller.authorize_action?(:action => 'low_security_with_param_identified_by_other_id')
+    assert_equal true, @controller.authorize_action?(:action => 'low_security_with_param_identified_by_other_id',
+                                                     :other_id => 'object_id')
+  end
+end

data/test/test_helper.rb ADDED Viewed

@@ -0,0 +1,9 @@
+require 'rubygems'
+require 'active_support'
+require 'active_support/test_case'
+ENV['RAILS_ENV'] = 'test'
+ENV['RAILS_ROOT'] ||= File.dirname(__FILE__) + '/../../../..'
+require 'test/unit'
+require File.expand_path(File.join(ENV['RAILS_ROOT'], 'config/environment.rb'))

metadata ADDED Viewed

@@ -0,0 +1,67 @@
+--- !ruby/object:Gem::Specification
+name: role_based_authorization
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Roberto Esposito
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2010-02-16 00:00:00 +01:00
+default_executable:
+dependencies: []
+description: Provides a simple DSL for specifying the authorization logic of your application. Install the gem, add a role attribute to your user model and your almost ready to go.
+email: boborbt@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- README
+files:
+- .gitignore
+- MIT-LICENSE
+- README
+- Rakefile
+- VERSION
+- lib/role_based_authorization.rb
+- lib/role_based_authorization/authorization_logger.rb
+- lib/role_based_authorization/role_based_authorization.rb
+- rails/init.rb
+- role_based_authorization.gemspec
+- test/role_based_authorization_test.rb
+- test/test_helper.rb
+has_rdoc: true
+homepage: http://github.com/boborbt/role_based_authorization
+licenses: []
+post_install_message:
+rdoc_options:
+- --charset=UTF-8
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+  version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+  version:
+requirements: []
+rubyforge_project:
+rubygems_version: 1.3.5
+signing_key:
+specification_version: 3
+summary: Basic authorization module for rails
+test_files:
+- test/role_based_authorization_test.rb
+- test/test_helper.rb