Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up

Simple authorization/permission management in Ruby

License

NotificationsYou must be signed in to change notification settings

hopsoft/perm

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Lines of CodeMaintainabilityBuild StatusCoverage StatusDownloads

Perm

Incredibly simple permission management i.e. authorization.

Quickstart

gem install perm

Setup

Let's create a simple example withusers &posts.

classUserattr_reader:roles,:postsdefinitialize(roles:[])@roles=roles@posts=[]endend
classPostattr_reader:user,:titleattr_accessor:publisheddefinitialize(user:,title:)@user=user@title=title@user.posts <<selfendend

Once our basic classes have be defined, we can create an authorized user to manage permissions.

classAuthorizedUser <Perm::Authorizeddefcan_read?(post)returntrueifuser.roles.include?(:admin)returntrueifuser.roles.include?(:editor)returntrueifuser ==post.userpost.publishedenddefcan_update?(post)returntrueifuser.roles.include?(:admin)returntrueifuser.roles.include?(:editor)user ==post.userenddefcan_delete?(post)returntrueifuser.roles.include?(:admin)user ==post.userendend

Authorized users do the following.

  • wrap user objects —somewhat like the presenter pattern
  • add behavior to wrapped users
  • respond to authorization methods defined ascan_OPERATION?
  • secure by defaulti.e. authorization checks return false until implemented

Usage

Create some users

mary=User.new(roles:[:admin])john=User.new(roles:[:editor,:writer])beth=User.new(roles:[:writer])drew=User.new

Create a post

post=Post.new(user:beth,title:"Authorization made easy")

Wrap each user with an authorizer

authorized_mary=AuthorizedUser.new(mary)authorized_john=AuthorizedUser.new(john)authorized_beth=AuthorizedUser.new(beth)authorized_drew=AuthorizedUser.new(drew)# wrapped users continue to act like usersauthorized_beth.posts# => [#<Post:0x007fe35d081798 @title="Authorization made easy"...# if conflicts arise, simply access the originalauthorized_beth.user

Check permissions

authorized_mary.can_read?(post)# => trueauthorized_mary.can_update?(post)# => trueauthorized_mary.can_delete?(post)# => trueauthorized_john.can_read?(post)# => trueauthorized_john.can_update?(post)# => trueauthorized_john.can_delete?(post)# => falseauthorized_beth.can_read?(post)# => trueauthorized_beth.can_update?(post)# => trueauthorized_beth.can_delete?(post)# => trueauthorized_drew.can_read?(post)# => falseauthorized_drew.can_update?(post)# => falseauthorized_drew.can_delete?(post)# => falsepost.published=trueauthorized_drew.can_read?(post)# => true# we can also check unimplemented permissionsauthorized_mary.can_create?(post)# => falseauthorized_john.can_view?(post)# => false

About

Simple authorization/permission management in Ruby

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

[8]ページ先頭
©2009-2025 Movatter.jp