Hold The Door! Don't pass the dark forces!
HoldTheDoor! Authorization Framework for Rails 5, created specially for modern Rails apps
Provides: ACL + Ownership + Permitted Paramsβ
For demo purposes we use just the edit action here
```ruby
class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
  hold_the_door!
end

class PagesController < ApplicationController
  authorize_resource_name :editable_page

  # Callbacks run in order: the page is loaded first,
  # then the ownership check runs before the action.
  before_action :set_page
  before_action :authorize_owner!

  def edit
    @editable_page.update with_permitted_params
    redirect_to :back, notice: 'Page was updated'
  end

  private

  def set_page
    @editable_page = Page.find params[:id]
  end
end
```
For demo purposes we use the Slim template language here
```slim
= form_for @page do |f|
  .field
    = f.label :title
    = f.text_field :title

  .field
    = f.label :content
    = f.text_area :content

  - if can?(@page, :update_user)
    .field
      = f.label :user_id
      = f.text_field :user_id

  - if permitted_param?(@page, :moderation_comment)
    .field
      = f.label :moderation_comment
      = f.text_area :moderation_comment

  .actions
    = f.submit 'Submit'
```
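The form above hides user_id and moderation_comment from users who lack the permission, but a hidden field can still be sent in a hand-crafted request, so the same rule has to be enforced on the server. The following is an added plain-Ruby illustration of that server-side check (ownership plus per-role parameter filtering); it is not code from HoldTheDoor and does not use its API, and POLICY, Forbidden, filter_params and update_page are hypothetical names with a constructed policy in which only the :user role is subject to the ownership check.

```ruby
# Added illustration in plain Ruby; this is not HoldTheDoor's API.
# POLICY, Forbidden, filter_params and update_page are hypothetical names.
require 'set'

# Attributes each role may write (constructed sample policy that
# mirrors the fields of the form above).
POLICY = {
  user:      %w[title content].to_set,
  moderator: %w[title content moderation_comment].to_set,
  admin:     %w[title content moderation_comment user_id].to_set
}.freeze

class Forbidden < StandardError; end

# Ownership check: in this sample policy, regular users may only
# touch their own pages; other roles are not restricted by ownership.
def authorize_owner!(user, page)
  return if user[:role] != :user || page[:user_id] == user[:id]
  raise Forbidden, "user #{user[:id]} does not own page #{page[:id]}"
end

# Server-side filter: keep only the keys the role may write and return
# the rejected keys too, so a forged field is dropped and can be logged.
def filter_params(user, submitted)
  allowed = POLICY.fetch(user[:role]) { Set.new } # unknown role: nothing allowed
  kept, rejected = submitted.partition { |key, _| allowed.include?(key.to_s) }
  [kept.to_h, rejected.map { |key, _| key.to_s }]
end

def update_page(user, page, submitted)
  authorize_owner!(user, page)
  attrs, rejected = filter_params(user, submitted)
  warn "rejected params #{rejected.inspect} from user #{user[:id]}" unless rejected.empty?
  page.merge(attrs.transform_keys(&:to_sym))
end

if __FILE__ == $PROGRAM_NAME
  alice = { id: 1, role: :user }
  page  = { id: 10, user_id: 1, title: 'Old', content: 'Text' }
  # Constructed request: the form never rendered user_id for alice,
  # but a hand-crafted POST can still send it.
  forged = { 'title' => 'New', 'user_id' => '2', 'moderation_comment' => 'ok' }
  p update_page(alice, page, forged)
end
```

The rejected-key list is worth logging: a request carrying fields the form never rendered for that role is a useful signal of parameter tampering.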
```ruby
gem 'hold_the_door'
```

```sh
bundle install
rake install:hold_the_door
```
This adds config/initializers/hold_the_door.rb and creates the following file structure:

```
app/permissions/
└── hold_the_door
    ├── acl.rb
    ├── ownership.rb
    └── permitted_params.rb
```
- Why is HoldTheDoor an Authorization Framework?
- What does ACL mean?
- Why should I try HoldTheDoor instead of CanCan?
- What does β mean in the Permitted Params functionality?
- How does a typical Authentication/Authorization process go in Rails?
- Where can I find the Demo App for HoldTheDoor?
- How can I start the tests?
The gem is available as open source under the terms of the MIT License.