[ANN] GateKeeper, Model Level Permissions Management

I’m pleased to announce the official release of “GateKeeper”.

GateKeeper is a Rails plugin that provides easy to use methods to
declare access permissions to instances of ActiveRecord classes at the
model level. Permissions may be based on either a user’s roles (such as
Admin, Moderator, etc) or on associations with other models.

In most simple and straightforward Rails projects, scoping your finds
through has_many associations is probably sufficient for ensuring that
users can’t get at data they aren’t supposed to. For example, a show
action might simply call “@note = User.current.notes.find(params[:id])”
to ensure that the current user owns the note they’re trying to read, or
it won’t even find it.

However, things quickly get more difficult when users need limited
access to other users’ objects based on different roles (such as Admin,
Moderator, Premium Subscriber, Employee of the Month, etc), or based on
their relationship with the object’s owner (such as Owner, Supervisor of
the Owner, etc). You might want to allow a variety of people to read
certain objects based on a variety of different roles and relationships,
and only allow a subset of those people to update or destroy the same
objects.

GateKeeper makes this absurdly easy to set up and maintain by allowing
you to simply make declarations right in your model like…

createable_by_my_author
crudable_by_admin
readable_by_premium_member :if => :published?
updateable_by_boss_of_my_author :unless => lambda {|article| article.draft_number < 3 }
readable_as_my_parent

If a user on your site tries to perform an action on an instance of any
ActiveRecord model, and permission to perform that action hasn’t been
explicitly granted to that user via a declaration like the samples
above, then the action is canceled and an error is raised.

GateKeeper also provides an option to do permission scoping on finds,
automatically removing records from arrays returned by ActiveRecord
finders that the current user doesn’t have permission to read. This is
disabled by default and a permission error is raised if a finder returns
an object the user doesn’t have permission to read.

More Info Here: http://5valleys.com/posts/show/34
Online Documentation/Installation Instructions Here:
http://gatekeeper.rubyforge.org/

Feedback and Questions strongly encouraged.


http://www.5valleys.com/
http://www.workingwithrails.com/person/8078
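
As an added illustration (not part of the original post, and not GateKeeper's code or API), this plain-Ruby sketch shows the deny-by-default behaviour the announcement describes: an action raises unless a declared role rule, with its optional :if / :unless guard, explicitly grants it. The names Permissions, permit, authorize!, User and Article are hypothetical.

```ruby
class PermissionDenied < StandardError; end

module Permissions # hypothetical names throughout, not GateKeeper's API
  def self.included(base); base.extend(ClassMethods); end

  module ClassMethods
    def rules; @rules ||= []; end

    # Grant `action` to holders of `role`; :if / :unless take a method
    # name or a lambda that receives the record.
    def permit(action, role, opts = {})
      rules << opts.merge(:action => action, :role => role)
    end
  end

  # Deny by default: raise unless some declared rule grants the action.
  def authorize!(user, action)
    granted = self.class.rules.any? { |r|
      r[:action] == action && user.roles.include?(r[:role]) &&
        (r[:if].nil? || check(r[:if])) &&
        (r[:unless].nil? || !check(r[:unless]))
    }
    raise PermissionDenied, "#{action} not permitted" unless granted
    true
  end

  private

  def check(cond)
    cond.respond_to?(:call) ? cond.call(self) : send(cond)
  end
end

User = Struct.new(:name, :roles) # constructed sample user type

class Article # constructed sample model
  include Permissions
  attr_reader :draft_number
  def initialize(published, draft_number)
    @published, @draft_number = published, draft_number
  end
  def published?; @published; end

  permit :read, :admin
  permit :update, :admin
  permit :read, :premium_member, :if => :published?
  permit :update, :boss, :unless => lambda { |a| a.draft_number < 3 }
end
```
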

I put the gate_keeper folder in the vendor directory… and restarted the IDE (Eclipse),
and I get an error

private method `find' called for ServiceDeskStatus:Class

Here ServiceDeskStatus is one of my ActiveRecord classes.

The error occurred in the view:
select("sd_ticket", "service_desk_status_id",
ServiceDeskStatus.find(:all).collect {|p| [ p.name, p.id ] },
options = {:prompt => "<< Select any >>"})

What would be the cause for this? I am using rails 1.2.5 and ruby 1.8.6

Thanks in advance
Sijo

Sijo Kg wrote:

={:prompt => "<< Select any >>"})

What would be the cause for this? I am using rails 1.2.5 and ruby 1.8.6

Thanks in advance
Sijo

Hmmm… Well, for starters, it probably would have been good of me to
mention that GateKeeper was built for Rails 2.0.2 and I haven’t tested
it on versions prior to that. So, it might just not be compatible.
Based on what you gave above, that’s my strong suspicion. I’ll add a
comment to the online docs to warn people about that and hopefully save
somebody a headache or two.


http://www.5valleys.com/
http://www.workingwithrails.com/person/8078