Simple, declarative, role-based access control system for Rails and Ruby

  1. SimonSays

    A Ruby gem providing a simple, declarative, role-based access control system for Rails that works well with Devise. Take a look at the docs for more details!

  1. Installation

    SimonSays can be installed via your Gemfile or with RubyGems directly.

  1. Usage

    SimonSays consists of two parts. One is a model concern called Roleable. The other is a controller concern called Authorizer.

    The idea is very simple: give resources some set of roles, then find and authorize resources against those roles on a per-controller (and per-action) basis.

  1. Roleable

    First, we need to define some roles. Generally speaking, roles will exist on either "User" models or on relationship models (for example a through model linking a User to another resource).

    Here are two models, Admin and User, that use the concern via the has_roles method. Roles are stored as a single integer and bitmasking is used to evaluate the authorization logic: each role corresponds to one bit, so a record holds a role when that bit is set. When using Roleable you need to add a roles_mask column to the table.

    The attribute name can be customized by using the :as option as seen in the Admin model below.

    The Membership model also shows how to use Roleable with a through model.

    Finally, also note the dynamically generated has_ predicate methods shown in the User model, as well as the ROLES constant, which is used in the Membership example.

  1. Authorizer

    The Authorizer concern provides several methods that can be used within your controllers in a declarative manner.

    Please note that certain assumptions are made by Authorizer. Building upon the above User and Admin models, Authorizer assumes there are current_user and current_admin methods. If these models correspond to Devise scopes, this is the case by default. Additionally, there need to be authenticate_user! and authenticate_admin! methods, which Devise provides as well.

    Eventually, we would like to see better customization around the authentication aspects. This library is intended to solve the problem of authorization and access control. It is not an authentication library.

    In the example below we have two controllers, for document and report resources. It is easy to see which resources and which roles are required for each controller and action. Note the difference between find_resource, which only looks the record up, and find_and_authorize, which looks it up and then checks the roles.

    Two exceptions can be raised by the finder and authorize methods. If the report record or the membership relationship does not exist, an ActiveRecord::RecordNotFound exception is raised. If the records do exist but the role conditions are not met, a SimonSays::Authorizer::Denied exception is raised. Keeping the two distinct matters: a missing membership is reported as "not found" rather than "denied", so an unauthorized caller does not learn whether the underlying record exists.

    Please refer to the docs for more information on the various declarative methods provided by the Authorizer.
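    To make the Roleable and Authorizer halves concrete, here is a self-contained, in-memory illustration of the scheme described above: roles packed into an integer mask with one bit per role, a generated ROLES constant and has_ predicates, a through model (Membership) carrying its own roles, and a finder that distinguishes "record or membership not found" from "role missing". This is an added example, not SimonSays' own code or API: the BitmaskRoles module, the plain Ruby classes standing in for ActiveRecord models, the DocumentAuthorizer class, and the RecordNotFound and Denied stand-in exceptions are all assumptions made so the example runs without Rails.

```ruby
# Added illustration of bitmask roles plus a find-and-authorize step.
# Not the SimonSays gem's implementation; names below are assumptions.

module BitmaskRoles
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # has_roles :a, :b, :c, as: :access
    #   * defines ROLES on the class; the index of a role is its bit position
    #   * stores roles in an integer attribute named "#{as}_mask"
    #   * defines `#{as}` / `#{as}=` accessors and has_a?, has_b?, ... predicates
    def has_roles(*names, as: :roles)
      names = names.map(&:to_sym).freeze
      const_set(:ROLES, names)
      mask_attr = :"#{as}_mask"
      attr_accessor mask_attr

      define_method(as) do
        mask = send(mask_attr) || 0
        names.select.with_index { |_, i| mask[i] == 1 } # Integer#[] reads bit i
      end

      define_method(:"#{as}=") do |list|
        mask = 0
        Array(list).map(&:to_sym).each do |role|
          i = names.index(role) or raise ArgumentError, "unknown role #{role}"
          mask |= 1 << i
        end
        send(:"#{mask_attr}=", mask)
      end

      names.each_with_index do |role, i|
        define_method(:"has_#{role}?") { (send(mask_attr) || 0)[i] == 1 }
      end
    end
  end
end

class User
  include BitmaskRoles
  has_roles :add, :edit, :delete
  attr_reader :id, :memberships
  def initialize(id, roles: [])
    @id, @memberships = id, []
    self.roles = roles
  end
end

class Admin
  include BitmaskRoles
  has_roles :support, :content, :marketing, as: :access # mask lives in access_mask
  def initialize(access: [])
    self.access = access
  end
end

class Document
  ROLES = %i[download edit destroy].freeze # roles a membership may grant
  attr_reader :id
  def initialize(id)
    @id = id
  end
end

# Through model: links a User to a Document and carries the roles for that link.
class Membership
  include BitmaskRoles
  has_roles(*Document::ROLES)
  attr_reader :user, :document
  def initialize(user, document, roles: [])
    @user, @document = user, document
    self.roles = roles
    user.memberships << self
  end
end

class RecordNotFound < StandardError; end # stand-in for ActiveRecord::RecordNotFound
class Denied < StandardError; end         # stand-in for SimonSays::Authorizer::Denied

# Controller-side half: `documents` is a constructed in-memory "table".
class DocumentAuthorizer
  def initialize(current_user, documents)
    @current_user, @documents = current_user, documents
  end

  # find_resource equivalent: existence only, no role check.
  def find_document(id)
    @documents.find { |d| d.id == id } or raise RecordNotFound, "document #{id}"
  end

  # find_and_authorize equivalent, scoped through the user's memberships:
  # missing document or missing membership -> RecordNotFound;
  # membership present but role bit unset   -> Denied.
  def find_and_authorize(id, role)
    doc = find_document(id)
    membership = @current_user.memberships.find { |m| m.document.equal?(doc) }
    raise RecordNotFound, "membership for document #{id}" unless membership
    raise Denied, "#{role} required on document #{id}" unless membership.send(:"has_#{role}?")
    doc
  end
end

alice = User.new(1, roles: %w[add edit])          # strings are accepted
doc1, doc2 = Document.new(1), Document.new(2)
Membership.new(alice, doc1, roles: [:download])
auth = DocumentAuthorizer.new(alice, [doc1, doc2])
puts "alice roles=#{alice.roles.inspect} mask=#{alice.roles_mask} has_delete?=#{alice.has_delete?}"
puts "download doc 1 -> #{auth.find_and_authorize(1, :download).id}"
[[1, :edit], [2, :download], [99, :download]].each do |id, role|
  begin
    auth.find_and_authorize(id, role)
  rescue RecordNotFound, Denied => e
    puts "#{role} on doc #{id} -> #{e.class}: #{e.message}"
  end
end
```

    Because the mask is a plain integer, the role set for a model must never be reordered once records exist: inserting a role in the middle of the list shifts every later bit and silently reassigns permissions. Append new roles at the end instead. The lookup goes through the current user's memberships rather than a global table so that a user with no relationship to a document gets the same RecordNotFound as for a non-existent one.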

  1. Contributing

    1. Fork it
    2. Create your new feature branch
    3. Commit your changes
    4. Push changes to the branch
    5. Open a new Pull Request!

  1. Roadmap

    • Add Rails generators to make installation and customization even easier
    • Expand the model API via the Roleable concern
    • Authentication customization and more complex user logic
  1. Who and Why?

    Written by @mikeycgto and used in @SimplyBuilt

    Defining access control in model-like classes can be painful. Using modern concerns with a declarative interface is more fun!