/hold_the_door

Authorization Framework for Rails 5. ACL + Ownership + Permitted Params


HoldTheDoor!

Hold The Door! Don't pass the dark forces!

Intro

HoldTheDoor! is an authorization framework for Rails 5, created specifically for modern Rails apps.

Provides: ACL + Ownership + Permitted Paramsβ

How will my controllers look with the HoldTheDoor gem?

For demo purposes, we use only the edit action here.

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
  hold_the_door!
end

class PagesController < ApplicationController
  authorize_resource_name :editable_page

  before_action :set_page
  before_action :authorize_owner!

  def edit
    @editable_page.update with_permitted_params

    redirect_to :back, notice: 'Page was updated'
  end

  private

  def set_page
    @editable_page = Page.find params[:id]
  end
end

How will my views look with the HoldTheDoor gem?

For demo purposes, we use the Slim template language here.

= form_for @page do |f|
  .field
    = f.label :title
    = f.text_field :title

  .field
    = f.label :content
    = f.text_area :content

  - if can?(@page, :update_user)
    .field
      = f.label :user_id
      = f.text_field :user_id

  - if permitted_param?(@page, :moderation_comment)
    .field
      = f.label :moderation_comment
      = f.text_area :moderation_comment

  .actions
    = f.submit 'Submit'
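
The view helpers above only decide which fields are rendered; a request can still carry attributes the form never showed, so the server has to drop them before the update. The following plain-Ruby example is added here and is not HoldTheDoor's code or API: the role names, rule tables, the update_page helper and the policy that moderators bypass the ownership check are all assumptions.

```ruby
# Added illustration in plain Ruby; NOT HoldTheDoor's implementation or API.
# Roles, rule tables and helper names are assumptions made for this example.
Page = Struct.new(:id, :user_id, :title, :content, :moderation_comment)
User = Struct.new(:id, :role)

# ACL: which roles may perform which action.
ACL = {
  user:      %i[update],
  moderator: %i[update update_user]
}.freeze

# Permitted params: which attributes each role may write.
PERMITTED = {
  user:      %i[title content],
  moderator: %i[title content user_id moderation_comment]
}.freeze

def can?(user, action)
  ACL.fetch(user.role, []).include?(action)
end

# Ownership: assumed policy is that moderators may act on any page.
def owner?(user, page)
  user.role == :moderator || page.user_id == user.id
end

def permitted_param?(user, name)
  PERMITTED.fetch(user.role, []).include?(name.to_sym)
end

# Server-side gate: ACL first, then ownership, then the attribute allowlist.
# Returns the attributes that were actually written, or raises SecurityError.
def update_page(user, page, raw_params)
  raise SecurityError, 'action denied' unless can?(user, :update)
  raise SecurityError, 'not the owner' unless owner?(user, page)

  allowed = raw_params.select { |key, _| permitted_param?(user, key) }
  allowed.delete('user_id') unless can?(user, :update_user)
  allowed.each { |key, value| page[key.to_sym] = value }
  allowed
end

# Constructed request body: fields a regular user's form never rendered.
FORGED = { 'title' => 'New', 'user_id' => 99, 'moderation_comment' => 'ok' }.freeze
```
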

Installation

1. Add the gem to your Gemfile

gem 'hold_the_door'

2. Bundle install

bundle install

3. Install required files

rake install:hold_the_door

This adds config/initializers/hold_the_door.rb and creates the following file structure:

app/permissions/
└── hold_the_door
    ├── acl.rb
    ├── ownership.rb
    └── permitted_params.rb

4. Define ACL logic

5. Define Ownership logic

6. Define Permitted Paramsβ logic

7. Learn the API

FAQ

License

The gem is available as open source under the terms of the MIT License.