I’m pleased to announce the official release of “GateKeeper”.
GateKeeper is a Rails plugin that provides easy-to-use methods to
declare access permissions to instances of ActiveRecord classes at the
model level. Permissions may be based on either a user’s roles (such as
Admin, Moderator, etc) or on associations with other models.
In most simple and straightforward Rails projects, scoping your finds
through has_many associations is probably sufficient for ensuring that
users can’t get at data they aren’t supposed to. For example, a show
action might simply call “@note = User.current.notes.find(params[:id])”
to ensure that the current user owns the note they’re trying to read, or
it won’t even find it.
However, things quickly get more difficult when users need limited
access to other users’ objects based on different roles (such as Admin,
Moderator, Premium Subscriber, Employee of the Month, etc), or based on
their relationship with the object’s owner (such as Owner, Supervisor of
the Owner, etc). You might want to allow a variety of people to read
certain objects based on a variety of different roles and relationships,
and only allow a subset of those people to update or destroy the same
objects.
GateKeeper makes this absurdly easy to set up and maintain by allowing
you to simply make declarations right in your model like…
createable_by_my_author
crudable_by_admin
readable_by_premium_member :if => :published?
updateable_by_boss_of_my_author :unless => lambda {|article| article.draft_number < 3 }
readable_as_my_parent
If a user on your site tries to perform an action on an instance of any
ActiveRecord model, and permission to perform that action hasn’t been
explicitly granted to that user via a declaration like the samples
above, then the action is canceled and an error is raised.
GateKeeper also provides an option to do permission scoping on finds,
automatically removing records from arrays returned by ActiveRecord
finders that the current user doesn’t have permission to read. This is
disabled by default and a permission error is raised if a finder returns
an object the user doesn’t have permission to read.
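As an added illustration of the declaration style and the default-deny behaviour described above, here is a minimal Ruby version of those semantics, including read scoping on finds. It is not GateKeeper's own code: the Permissions module, the User struct and the Article struct are constructed stand-ins for the plugin and for ActiveRecord models.

```ruby
class PermissionError < StandardError; end
User = Struct.new(:name, :roles, :boss)
# Mix-in with declaration methods; nothing is allowed until a declaration grants it (default deny).
module Permissions
  def self.included(base); base.extend(ClassMethods); end
  module ClassMethods
    def grants; @grants ||= Hash.new { |h, k| h[k] = [] }; end
    # Record a rule for an action; :if/:unless may be a method name or a lambda.
    def grant(action, opts = {}, &rule)
      grants[action] << [rule, opts[:if], opts[:unless]]
    end
    def crudable_by_admin
      [:create, :read, :update, :destroy].each do |a|
        grant(a) { |_r, user| user.roles.include?(:admin) }
      end
    end
    def readable_by_premium_member(opts = {})
      grant(:read, opts) { |_r, user| user.roles.include?(:premium) }
    end
    def updateable_by_boss_of_my_author(opts = {})
      grant(:update, opts) { |r, user| r.author.boss == user }
    end
    # Permission scoping on finds: drop records the user may not read.
    def readable_by(records, user); records.select { |r| r.permitted?(:read, user) }; end
  end

  def permitted?(action, user)
    self.class.grants[action].any? do |rule, if_c, unless_c|
      next false if if_c && !condition(if_c)
      next false if unless_c && condition(unless_c)
      rule.call(self, user)
    end
  end

  # Raise rather than proceed silently when no declaration grants the action.
  def check!(action, user)
    raise PermissionError, "#{user.name} may not #{action}" unless permitted?(action, user)
    self
  end
  def condition(c); c.is_a?(Symbol) ? send(c) : c.call(self); end
end
# Hypothetical model using the declaration style quoted in the announcement.
Article = Struct.new(:author, :published, :draft_number) do
  include Permissions
  crudable_by_admin
  readable_by_premium_member :if => :published?
  updateable_by_boss_of_my_author :unless => lambda { |a| a.draft_number < 3 }
  def published?; published; end
end
```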
More Info Here: http://5valleys.com/posts/show/34
Online Documentation/Installation Instructions Here:
http://gatekeeper.rubyforge.org/
Feedback and Questions strongly encouraged.
–
http://www.5valleys.com/
http://www.workingwithrails.com/person/8078