tcs-ldap-permission

Tcs::Ldap::Permission Gem

An easy way to map LDAP groups to application roles

Installation

This supports Rails 4.2 and above.

Add this line to your application's Gemfile:

gem 'tcs-ldap-permission'

And then execute:

$ bundle

Or install it yourself as:

$ gem install tcs-ldap-permission

Usage

Add a config/ldap_permissions.yml configuration file, e.g.

<%= Rails.env %>:
  groups:
    PAYROLL_LINK_KRONOS SEC:
    - manage_job_codes
    IS Directors:
    - superuser
  users:
    jonny@appleseed.com:
      - approve_job_codes

In your User class, include the Tcs::Ldap::Permission module

class User
  include Tcs::Ldap::Permission
  ...

Now you can check authorization in your controller

before_action :authorize!
...
def authorize!
  unless current_user.can?(:manage_job_codes)
    flash[:error] = I18n.t "devise.failure.unauthorized"
    redirect_to(root_path)
  end
end

Configuration

The config/ldap_permissions.yml file specifies what actions are available to a group or user. It is preferable to only use groups so that the config/ldap_permissions.yml doesn't need to be updated every time a person moves into or out of a role. In situations where it doesn't make sense to create a group, you can specify individual users by their login.

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake test to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/the-container-store/Tcs-Ldap-Permission-Gem.