/zuul

Simple authorization gem for Rails apps

Primary LanguageRuby

Zuul

Zuul provides a simple role-based authorization framework for Rails apps.

Quick Start

Zuul expects that you have a current_user method available.

Add a role to your users table.

add_column :users, :role, :string

In your User model, specify the valid roles.

valid_roles :guest, :member, :admin

In your ApplicationController, enable access restrictions.

include Zuul::RestrictAccess
restrict_access

In your controllers, specify which roles are allowed for which actions.

require_user :guest, :admin, :only => :index, :show

Examples and Options

You can pass restrict_access some options

  • access_denied_message - The string that will be added to the flash if the user has been denied access to an action. Defaults to “You must be logged in to access this page”.

  • require_no_user_message - The string that will be added to the flash if the requested action requires there be NO user signed in and there is one. Defaults to “You must be logged out to access this page”.

  • unauthorized_redirect_path - The name of a method, as a symbol, that will be called to determine where to redirect someone when they have been denied access. The method is expected to return a string. The default is :unauthorized_path which returns “/”.

You can pass require_user a list of roles and also indicate which actions to apply the restriction to using :only and :except. Some examples:

  • Restrict access to all actions for a specific role.

    require_user :admin

  • Restrict access to specific actions for specific roles.

    require_user :guest, :admin, :only => :index, :show

  • Require a user but don’t care about the role.

    require_user :only => :show

  • Don’t allow access to edit or update if there is a user.

    require_no_user :only => :edit, :update

Credits

Thanks to Les Hill for help testing the ApplicationController mixins.

Note on Patches/Pull Requests

  • Fork the project.

  • Make your feature addition or bug fix.

  • Add tests for it. This is important so I don’t break it in a future version unintentionally.

  • Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)

  • Send me a pull request. Bonus points for topic branches.

Copyright

Copyright © 2009 Wes Gibbs. See LICENSE for details.