declarative_authorization 0.4
I just pushed the decl_auth 0.4 gem to gemcutter.
Major changes since the 0.3 release:
- Improved DSL: allow nesting of has_many associations for if_permitted_to and if_attribute:

    has_permission_on :companies, :to => :read do
      if_attribute :branches => { :manager => { :last_name => is { user.last_name } } }
      if_permitted_to :read, :branches
    end

- Simplified controller authorization for RESTful controllers with filter_resource_access. Instead of multiple filter_access_to statements, one line is often sufficient:

    class BranchController < ApplicationController
      filter_resource_access :nested_in => :companies
    end

- Controller namespace handling. Now, the decl_auth context in controllers is prefixed by the underscored namespace by default. Thanks for all those implementation suggestions in the GitHub forks.
- Improved STI handling: you can now explicitly define the model’s decl_auth context. Just override AModel.decl_auth_context.
- Test helper to test authorization rules, e.g.

    with_user a_normal_user do
      should_not_be_allowed_to :update, :conferences
      should_not_be_allowed_to :read, an_unpublished_conference
      should_be_allowed_to :read, a_published_conference
    end

- permitted_to?/! on model level. You may now use those methods in models as you are used to from controllers and views.
- Switched to gemcutter for gem distribution.
- Change support in the development support backend (I’ll write a separate blog post on decl_auth change support soon)
And lots of smaller fixes: full change log.
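
To make the nested if_attribute condition from the first item concrete, here is an added example that is not part of the original post and is not decl_auth's implementation. It is a small stand-alone model of the check, under the labelled assumption that a condition nested below a has_many association holds when at least one associated record satisfies it; the Struct classes, `attribute_matches?` and `may_read_company?` are hypothetical names, and the rule's second condition (if_permitted_to) is not modelled.

```ruby
# Illustrative model only, NOT declarative_authorization's code.
# Assumption: below a has_many association a nested condition holds when at
# least one associated record satisfies it; nil never satisfies a condition.

# Recursively check +object+ against a nested condition hash. Leaves are
# lambdas that receive the current user and return the expected value.
def attribute_matches?(object, condition, user)
  return false if object.nil?                        # fail closed
  condition.all? do |attr, expected|
    value = object.respond_to?(attr) ? object.public_send(attr) : nil
    case expected
    when Hash
      if value.is_a?(Array)                          # has_many: any record may match
        value.any? { |item| attribute_matches?(item, expected, user) }
      else                                           # belongs_to / has_one
        attribute_matches?(value, expected, user)
      end
    when Proc
      want = expected.call(user)
      !want.nil? && value == want                    # nil == nil must not grant access
    else
      false
    end
  end
end

# Constructed stand-ins for the models named in the rule.
Manager = Struct.new(:last_name)
Branch  = Struct.new(:manager)
Company = Struct.new(:branches)
User    = Struct.new(:last_name)

# The if_attribute condition from the post; is { user.last_name } becomes a lambda.
RULE = { branches: { manager: { last_name: ->(user) { user.last_name } } } }

def may_read_company?(company, user)
  attribute_matches?(company, RULE, user)
end

# Constructed sample data: one of two branches is managed by a Smith.
acme = Company.new([Branch.new(Manager.new('Jones')), Branch.new(Manager.new('Smith'))])
puts may_read_company?(acme, User.new('Smith'))      # a matching branch exists
puts may_read_company?(acme, User.new('Miller'))     # no branch matches
```

The empty-collection, missing-manager and nil-name cases all deny, which is the behaviour worth pinning down with should_not_be_allowed_to tests when you write nested rules of this kind.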