"If you like the straightforward and effective nature of Strong Parameters and suspect that cancan might be overkill for your project then you'll love Petergate's easy to use and read action and content based authorizations."
-- I proclaim optimistically
gem 'petergate'
bundle
gem install petergate
Make sure your user model is defined in app/models/user.rb and called User.
If you're using Devise you're in luck; otherwise you'll have to add the following methods to your project:
user_signed_in?
current_user
after_sign_in_path_for(current_user)
authenticate_user!
rails g petergate:install
rake db:migrate
This will add:
petergate(roles: [:admin])
to your User model.
Setup permissions in your controllers the same as you would for a before filter like so:
access all: [:show, :index], user: {except: [:destroy]}, company_admin: :all
# one other option that might seem a bit weird is to put a group of roles in an array:
access [:all, :user] => [:show, :index]
Inside your views you can use logged_in?(:admin, :customer, :etc) to show or hide content.
<%= link_to "destroy", destroy_listing_path(listing) if logged_in?(:admin, :customer, :etc) %>
If you need to access the available roles within your project, you can do so by calling:
User::ROLES
# or from an instance
User.first.available_roles
# ROLES is a CONSTANT and will still work from within the User model instance methods
# like in this default setter:
def roles=(v)
  self[:roles] = v.map(&:to_sym).to_a.select{|r| r.size > 0 && ROLES.include?(r)}
end
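The default setter above, run stand-alone on constructed form input. This is an added example, not Petergate's own code: `DemoUser`, its `ROLES` list, the sample parameters and the `permitted_user_params` helper are hypothetical stand-ins.

```ruby
# Added illustration: a plain-Ruby stand-in for a Petergate User model.
# ROLES is an assumed list; a real app gets it from petergate(roles: [...]).
class DemoUser
  ROLES = [:admin, :company_admin].freeze

  def initialize
    @attrs = { roles: [] }
  end

  # Minimal substitutes for ActiveRecord's attribute accessors.
  def [](key)
    @attrs[key]
  end

  def []=(key, value)
    @attrs[key] = value
  end

  def roles
    self[:roles]
  end

  # The default setter quoted above, unchanged.
  def roles=(v)
    self[:roles] = v.map(&:to_sym).to_a.select { |r| r.size > 0 && ROLES.include?(r) }
  end
end

# Hypothetical controller-side helper: only an admin may submit a roles list.
def permitted_user_params(actor_roles, params)
  allowed = params.slice(:email)
  allowed[:roles] = params[:roles] if actor_roles.include?(:admin) && params.key?(:roles)
  allowed
end

# Constructed form input: a blank checkbox value, a valid role, an unknown role.
SUBMITTED = { email: "a@example.test", roles: ["", "admin", "superuser"] }.freeze

def demo_roles_after(actor_roles)
  user = DemoUser.new
  filtered = permitted_user_params(actor_roles, SUBMITTED)
  user.roles = filtered[:roles] if filtered.key?(:roles)
  user.roles
end

if __FILE__ == $PROGRAM_NAME
  p demo_roles_after([:admin]) # setter drops the blank and the unknown role
  p demo_roles_after([])       # non-admin request never reaches the setter
end
```

The setter checks that each submitted name is a known role, not that the requester may grant it. Deciding who can send a `roles` list stays with the controller's parameter filtering.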
PeterGate is written and maintained by Isaac Sloan and friends.
Currently funded and maintained by RingSeven
git checkout -b my-new-feature
git commit -am 'Add some feature'
git push origin my-new-feature