=Respec' my Authoritah!!

A stupidly simple authorization gem for Rails.

==Installation

Make sure Github is in your repo sources:
  $ gem sources -a http://gems.github.com
  
Installation:
  $ sudo gem install indmill-authoritah
  
==Usage

By default (i.e. when no Authoritah declarations are made) all requests are allowed. Authoritah is pretty flexible in introducing authorization rules to your application. An example is called for:

  class WidgetController < ApplicationController
  
    permits :current_user => :admin?
  end
  
This is a wildcard rule. It assumes you have a method on your controller called "current_user" (as something like restful_authentication or authlogic would provide) that returns an object that can respond to an admin? message - the rule will pass if admin? returns true. Once a permit rule is defined access to the actions of this controller are ONLY permitted if you fulfill the predicate. 

  class WidgetController < ApplicationController

    permits :current_user => :admin?, :to => [:create, :destroy]
    permits :current_user => :logged_in?, :to => :show
  end

What about if we only want to control access to certain actions? Easy, add a :to option and pass it an action or array of actions. You can add as many rules and scope them by action - Authoritah will ensure that a request is only permitted if all rules for a given action pass.

You also have the ability to expressly forbid access using the forbids directive:

  class WidgetController < ApplicationController

    permits :current_user => :logged_in?
    forbids :current_user => :blacklisted?, :from => [:create, :destroy]
  end

In this scenario any logged in user can access the controller actions, but any user responding true to blacklisted? will be forbidden from running the :create or :destroy actions.

The final feature so far is the ability to pass a Proc as the predicate:

  class WidgetController < ApplicationController

    forbids :current_user => Proc.new {|user| user.name.index("Hacky McHackster") }
  end

The Proc gets passed the result of the :current_user message to the controller for you to specify more complex rules.

This is VERY early and probably has a legion of bugs, but there's a good spread of specs and I'll be improving it over the coming days. Thanks for watching.