Sha256: 9cd8199e6b8f8712f595df6a0ba366359b186e26a4148ba863ef280577cb370c
Contents?: true
Size: 1.21 KB
Versions: 11
Compression:
Stored size: 1.21 KB
Contents
= Tuersteher
Security-Layer for Rails-Application acts like a firewall.
It's check your URL's or Modells to have the rights for this.
== Install
gem install tuersteher
== Usage
Create in your Rails-Application the rules-file "config/access_rules.rb"
(or copy the sample from samples-directory and modify)
Here is as small sample for "config/access_rules.rb"
# Path-Acces-Rules
path('/').grant.method(:get)
path(:all).grant.role(:ADMIN)
path('/user/lock').deny.role(:USER).role(:APPROVER)
# Model-Acces-Rules
model(Dashboard).grant.method(:view)
model(Todo) do
grant.method(:view)
grant.method(:full_view).role(:ADMIN)
grant.method(:update).role(:EDITOR).extension(:owned_by?) # calls Todo.owned_by?(current_user)
grant-method(:delete).not.role(:ADMIN)
end
Then extend your ApplicationController with:
include Tuersteher::ControllerExtensions
before_filter :check_access # methode is from Tuersteher::ControllerExtensions
Check if your authendicate-system has implemented the methods:
* current_user
* access_denied
and the current_user should have a method
* has_role?(role)
If not, just implemen it (see samples/application_controller.rb)
== License
LGPL V3 (see license.txt)
Version data entries
11 entries across 11 versions & 1 rubygems