I just pushed the decl_auth 0.4 gem to gemcutter.
Major changes since the 0.3 release:
- Improved DSL: allow nesting of has_many associations for if_permitted_to and if_attribute:

    has_permission_on :companies, :to => :read do
      if_attribute :branches => { :manager => { :last_name => is { user.last_name } } }
      if_permitted_to :read, :branches
    end

- Simplified controller authorization for RESTful controllers with filter_resource_access. Instead of multiple filter_access_to statements, one line is often sufficient:

    class BranchController < ApplicationController
      filter_resource_access :nested_in => :companies
    end

- Controller namespace handling. Now, the decl_auth context in controllers is prefixed by the underscored namespace by default. Thanks for all those implementation suggestions in the GitHub forks.
- Improved STI handling: the model’s decl_auth context can now be defined explicitly. Just override AModel.decl_auth_context.
- Test helper to test authorization rules, e.g.

    with_user a_normal_user do
      should_not_be_allowed_to :update, :conferences
      should_not_be_allowed_to :read, an_unpublished_conference
      should_be_allowed_to :read, a_published_conference
    end

- permitted_to?/! on model level. You may now use those methods in models as you are used to from controllers and views.
- Switched to gemcutter for gem distribution.
- Change support in the development support backend (I’ll write a separate blog post on decl_auth change support soon).
And lots of smaller fixes: full change log.
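An added example, not code from the gem or from this post: a stand-alone Ruby model of the namespace-prefixed controller context described in the list above, used to spot controllers whose context no rule names and which are therefore denied everything. The `_` separator, the helper names and the rule table are assumptions constructed for illustration.

```ruby
# Added illustration; not code from declarative_authorization.

# Minimal stand-in for ActiveSupport's String#underscore (CamelCase only).
def underscore(name)
  name.gsub(/([a-z\d])([A-Z])/, '\1_\2').downcase
end

# Context for a controller class name: underscored namespace(s) as prefix,
# then the underscored controller name without the "Controller" suffix.
# Assumption: the parts are joined with "_".
def controller_context(class_name)
  parts = class_name.split('::')
  parts[-1] = parts[-1].sub(/Controller\z/, '')
  parts.map { |part| underscore(part) }.join('_').to_sym
end

# Constructed rule table: role => { context => privileges }.
RULES = {
  :admin => {
    :accounts                    => [:read, :update],
    :subscription_admin_accounts => [:read]
  }
}

# Default deny: only a rule for the exact context grants a privilege.
def permitted?(role, privilege, class_name, rules = RULES)
  rules.fetch(role, {}).fetch(controller_context(class_name), []).include?(privilege)
end

# Upgrade check: controllers whose context no role has a rule for.
def unmatched_controllers(class_names, rules = RULES)
  known = rules.values.flat_map(&:keys)
  class_names.reject { |name| known.include?(controller_context(name)) }
end

if __FILE__ == $PROGRAM_NAME
  controllers = %w[AccountsController SubscriptionAdmin::AccountsController
                   Billing::InvoicesController]
  controllers.each { |c| puts "#{c} -> #{controller_context(c).inspect}" }
  puts "no rules for: #{unmatched_controllers(controllers).join(', ')}"
end
```

A rule written for `:accounts` does not cover the namespaced controller in this model, so rules for namespaced controllers need the prefixed context name.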
Thanks for the update, just to let you know that declarative authorization is the best one out there imho. In the long run it’s really much easier to manage rules in one place than searching around code. Cheers!
Posted by Priit on November 19th, 2009.
Hi there. I’m just learning rails and I’m looking for authorization solutions. This one looks really interesting, but your github links are all giving me 404.. oops never mind looks like github is having issues in general :)
OK I’ll keep my eye on this and hope to learn more soon!
Thanks!
Posted by John on November 24th, 2009.
I found the namespace documentation a little hard to follow. It would be nice if the documentation said something like.
Given the following Controller:
class SubscriptionAdmin::AccountsController [:index, :show, :new, :create, :edit, :update, :destroy]
end
end
Posted by Austin Ginder on November 27th, 2009.
My last comment got messed up, not sure how. Just to clarify I did figure it out then.
Posted by Austin Ginder on November 27th, 2009.
How to set permission for a custom method?
has_permission_on :foos, :to => :ownmethod doesn’t work (is blocked by default) :/
Posted by john on December 31st, 2009.
For usage questions, please turn to the mailing list http://groups.google.com/group/declarative_authorization/
Actually, this should just work. Maybe you have an error elsewhere in your code.
Posted by Steffen Bartsch on December 31st, 2009.
Not to nitpick, but you’re missing a closing curly brace in your first example for your improved DSL, it should be as follows:
    has_permission_on :companies, :to => :read do
      if_attribute :branches => {
        :manager => { :last_name => is { user.last_name } } }
      if_permitted_to :read, :branches
    end
Posted by Matt Schick on April 15th, 2010.
You are right. Now it’s correct.
Posted by Steffen Bartsch on April 15th, 2010.