jrun-rails_doorman

== rails_doorman

+rails_doorman+ is an authorization plugin for Ruby on Rails applications.

This code was orignally written by Michael D. Ivey for Merb.

== Resources

Development

• http://github.com/jrun/rails_doorman

Source

• git://github.com/jrun/rails_doorman.git

Bugs

• http://github.com/jrun/rails_doorman/issues

== Usage

=== Controllers

class Admin::ArticlesController < AdminController allow :role => :admin end

allow :role => :admin # current_user.has_role?(:admin) deny :role => :troll allow :role => :admin, :exclude => :show allow :role => :troll, :only => :index

+rails_doorman+ supports more than roles.

allow :user => :nancy # current_user.login.to_sym == 'nancy'.to_sym allow :host => 'allowed.example.org' # request.host =~ Regexp.new('allowed.example.org') deny :host => 'denied.example.org' deny :user_agent => /MSIE/ # request.user_agent =~ Regexp.new(/MSIE/)

=== Views

All rules can be used in views.

<% allow(:role => :admin) do %>

Allowed

<% end %>

<% deny(:role => :troll) do %>

Allowed

<% end %>

=== Unauthorized

When a rule fails a Doorman::Unauthorized error is raised. The error can be caught in ApplicationController#rescue_action_in_public.

class ApplicationController < ActionController::Base private def rescue_action_in_public(exception) case exception when Doorman::InvalidRule render :text => 'Invalid Rule', :status => '500 Internal Server Error' when Doorman::Unauthorized render :text => 'Unauthorized', :status => '401 Unauthorized' else super(exception) end end end

== TODO

=== Rule inheritance

Controller subclasses do not inherit its parents rules. This is more like a bug than a todo.

=== More configurable

+rails_doorman+ should be configurable. For example, the :user rule uses +login+ for comparison. Often times +username+ is used instead of +login+.

This type of configuration is partially implementd but it is half baked and not tested.