=Zuul

Zuul provides a simple role-based authorization framework for Rails apps.

==Quick Start

Zuul expects that you have a +current_user+ method available.

Add a +role+ to your +users+ table.

   add_column :users, :role, :string

In your +User+ model, specify the valid roles.

  valid_roles :guest, :member, :admin

In your +ApplicationController+, enable access restrictions.

  include Zuul::RestrictAccess
  restrict_access

In your controllers, specify which roles are allowed for which actions.

  require_user :guest, :admin, :only => :index, :show

==Examples and Options

You can pass +restrict_access+ some options
* +access_denied_message+ - The string that will be added to the flash[:notice] if the user has been denied access to an action. Defaults to "You must be logged in to access this page".
* +require_no_user_message+ - The string that will be added to the flash[:notice] if the requested action requires there be NO user signed in and there is one. Defaults to "You must be logged out to access this page".
* +unauthorized_redirect_path+ - The name of a method, as a symbol, that will be called to determine where to redirect someone when they have been denied access. The method is expected to return a string. The default is :unauthorized_path which returns "/".

You can pass +require_user+ a list of roles and also indicate which actions to apply the restriction to using <code>:only</code> and <code>:except</code>. Some examples:
* Restrict access to all actions for a specific role.

  <code>require_user :admin</code>

* Restrict access to specific actions for specific roles.

  <code>require_user :guest, :admin, :only => :index, :show</code>

* Require a user but don't care about the role.

  <code>require_user :only => :show</code>

* Don't allow access to edit or update if there is a user.

  <code>require_no_user :only => :edit, :update</code>

== Credits

Thanks to {Les Hill}[http://github.com/leshill] for help testing the +ApplicationController+ mixins.

== Note on Patches/Pull Requests

* Fork the project.
* Make your feature addition or bug fix.
* Add tests for it. This is important so I don't break it in a
  future version unintentionally.
* Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
* Send me a pull request. Bonus points for topic branches.

== Copyright

Copyright (c) 2009 Wes Gibbs. See LICENSE for details.