Simple routes authorization solution for Rails based on user roles. All permissions are defined in a single location (the Permission class) and not duplicated across your code.
Add in your Gemfile:
gem 'route_authorizer'
And then execute:
$ bundle
Create Permission file app/models/permission.rb:
rails g route_authorizer:install
RouteAuthorizer expects a current_user method to exist in the controller. The current_user needs a role method.
Add in your ApplicationController.rb
before_action :authorize_user!
All permissions are defined at Permission file app/models/permission.rb.
To permit all roles to HomeController
all_roles do
permit :home
end
Or to a specific action
all_roles do
permit :home, only: [:index]
end
To permit admin (user with admin role) to do all functions
role :admin do
permit_all
end
To permit customer (user with customer role) just to OrdersController
role :customer do
permit :orders
end
You can find a Permission sample here.
- Fork it
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Add some feature') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request