Skip to content
This repository has been archived by the owner on Jun 24, 2019. It is now read-only.

Usage

Jump to bottom
bdtomlin edited this page Sep 14, 2010 · 12 revisions

copied from Google Code
h2. Summary

RoleRequirement focuses on a simple approach to role-based authentication. You don’t have to learn a new language in order to specify roles; instead, RoleRequirement leverages the power of !Ruby to strike a marvelous balance between simplicity and flexibility.

Features:

  • A user can have many roles or one role
  • Full test helpers to make it easy to test your controllers. (examples here)
  • Squeaky clean implementation – don’t repeat yourself!
  • Code generators: spend more time coding and less time wading through installation instructions.

Usage

Steps to using as easy as 1, 1.5, 2, 3!

1. Install restful_authentication and role_requirement

Install restful_authentication as usual, running your usual ‘script/generate authenticated user sessions’.

script/plugin install git://github.com/technoweenie/restful-authentication.git script/generate authenticated user sessions

To install role_requirement:

script/plugin install git://github.com/timcharper/role_requirement.git

2. Run the generator

script/generate roles Role User

(where User is the name of your user model, and Role is the name of the roles model to create.)

Note: You’ll need to run rake db:migrate to actually modify the database

click here for a list of what the generators do

3. Define your role requirements in your controllers

Only allow administrators to access Users here.

class Admin::Users < ApplicationController require_role “admin” … end

Require contractor role for everything, and then require admin role to destroy, and only let contractors access listings they have access to:

class Admin::Listings < ApplicationController require_role “contractor” require_role “admin”, :for => :destroy # don’t allow contractors to destroy
  1. leverage ruby to prevent contractors from updating listings they don’t have access to.
    require_role “admin”, :for => :update, :unless => "current_user.authorized_for_listing?(params[:id]) "

    end

Other examples:

allow everyone to access index, but only admin can access the rest

require_role “admin”, :for_all_except => :index

allow everyone to access show and index, but only admin can access the rest

require_role “admin”, :for_all_except => [:index, :show]

Help

Here’s how to get help

  • Browse the Documentation
  • Install the plugin, generate the rdoc’s, and browse from there.
  • post an issue to the issue tracker
  • Fire off a message to the mailing list

Author

Tim C. Harper – irb(main):001:0> ( ‘tim_see_harperATgmail._see_om’.gsub(‘see’, ‘c’).gsub(‘AT’, ‘@’) )
Clone this wiki locally