README.md in stasi-0.0.1.alpha vs README.md in stasi-0.1.0

- old
+ new

@@ -15,32 +15,54 @@ ``` Then you can check permissions this way : ```ruby -user.can? :read, :posts +user.can? :read, @post ``` You define permissions in an initializer : ```ruby Robotnik::Authorization::Law.define do + + default do + can :read, Post + end status :admin do - can read, :posts - can :destroy, :posts + can :edit, Post, if: Proc.new{ |post| post.editable } + can :destroy, Post end status :guest do - can :read, :post + can :comment, :commentable end end ``` Undefined permissions default to `false`. -`:admin` and `:guest`, in this example, must be methods on the `user` object. +`:admin` and `:guest`, in this example, must be method names on the `user` object. The only method name that is not allowed is `:default`, as `status :default` is equivalent to `default`. +The `can` method takes two arguments : an action name as a symbol, and a resource. The resource can be : + +* a class, eg. `Post` +* a symbol, eg. `:commentable`. The authorization will be applied if `@post.commentable` returns `true`. This method can take one argument, in which case, the user object will be passed to it. + +Optionnally, the `can` method can take a hash with conditions (hash keys can be `if` and `unless`, values can be Proc. The resource tested will be yielded). +Finally, the `can` method can take a block, in which case the `can?` method will return the return value of the block. This is useful when defining abilities on collections : + +```ruby + can :index, Post do |posts| + posts.where(published: true) + end +``` + +The `cannot` method takes only two arguments : the action name, and the resource. + ## Milestones -* pass directly object, and not a symbol +* yield user to blocks and procs in defining abilities +* pass symbol or proc to `:if` and `:unless` conditions +* alias actions :manage, :all, :read => [:index, :show], :create => [:new, :create], … * load specific permissions from db
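Review bot: the new block form of `can` (`can :index, Post do |posts| posts.where(published: true) end`) is documented as making `can?` return the block's return value, and because `posts.where(published: true)` is a relation object it is truthy even when it matches no rows, so `can? :index, Post` stops being usable as a boolean guard for such abilities; the README should state this and show callers consuming the returned scope (for example `@posts = user.can?(:index, Post)`) rather than branching on it. Two documentation gaps in the same hunk: with the added `default do can :read, Post end` block next to "Undefined permissions default to `false`", the text should say whether `default` abilities apply to every status (including `:guest`) and whether a `cannot` inside a `status` block overrides a `default` `can`; and "Optionnally" should read "Optionally".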