heavysixer / rolesystem

The RoleSystem grants or denies access to controllers methods based on membership to role groups.

Home Page:http://www.locusfoc.us

RoleSystem

The RoleSystem grants or denies access to controller methods based on membership in role
groups. The group model has a context attribute; a group whose context is set to ‘role’
appears in the member’s list of roles.

This implementation derives some inspiration from Tim Charper’s Role Requirement System

Include this module in your ApplicationController to make the RoleSystem available to all controllers.

Example

Here is a hypothetical example of giving a member the admin role: the member is added to a group whose context is ‘role’.

  
    @group = Group.create(:name => 'admin', :description => 'admin role', :context => 'role')
    @member.groups << @group
    @member.roles              # => [#<Group name: "admin", context: "role">]
    @member.has_role?(:admin)  # => true
  
The role_player setter tells the RoleSystem how to find the current user (if any). This before filter must run BEFORE any role checking, so a good place for it is ApplicationController (application.rb):
  
  before_filter { |controller| controller.role_player = :current_user }
Then declare which roles may reach which actions. Access is denied unless a matching grant exists:

    grant_access_to "editor"                    # editors may call every action in this controller
    grant_access_to "admin", :only => :destroy  # admins may call only destroy
  
Role access can be mixed and matched:
  
    class MixedRoleAccessController < ApplicationController

      # Content editors can access only the "new" and "create" actions
      grant_access_to :content_editor, :only => [:new, :create]

      # Admins have access only to "destroy", not to "new", "publish" or "create"
      grant_access_to :admin,   :only => [:destroy]

      # Editors have access to "new", "publish" and "create" but not "destroy"
      grant_access_to :editor,  :except => :destroy

      def new;end
      def create;end
      def publish;end
      def destroy;end
    end
  
You can also route around roles for entire controllers like this:
  
    class PublicController < AdminOnlyController
      skip_role_system
    end
  
Or you can designate certain actions public and certain actions role-required:
  
    class MixedAuthenticatedNonAuthenticatedActionsController < MockApplicationController
      # everybody_allowed needs no role player at all; everything else needs a grant
      all_access_to :only => [:everybody_allowed]
      grant_access_to [:admin]

      def admin_only;end
      def everybody_allowed;end
    end
  

Valid Options

  • :only – Only require the role for the specified action(s)
  • :except – The role is required for all but the specified action(s)
  • :if – A Proc or string to evaluate; a result of true means the role is required.
  • :unless – The opposite of :if

Example Account Model Methods

The RoleSystem expects that the account model (the role player) includes a has_role? method, which
it calls with each granted role to determine whether access is allowed. With groups as above, the
methods can be written as follows.

  
    # Only groups whose context is 'role' count as roles; other group types are ignored.
    def roles
      groups.find(:all, :conditions => "context = 'role'")
    end
    
    # Normalise both sides so that grant_access_to "Editor" and has_role?(:editor) agree.
    def has_role?(role)
      roles.map{ |g| g.name.downcase.to_sym }.include?(role.to_s.downcase.to_sym)
    end
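The following is an added, stand-alone example and not the plugin's own code: a Rails-free re-implementation of the grant_access_to / all_access_to / skip_role_system DSL, the :only/:except/:if/:unless options and the has_role? method above, so that the access rules from the controller examples can be evaluated and checked offline. The names Account, RoleRules, allowed? and access_matrix, the in-memory Group struct and the sample accounts are assumptions of this demo; :if and :unless are modelled as Procs that receive the role player, and a grant whose condition fails is treated as if it had not been declared (deny by default).

```ruby
# Added example, not the plugin's own code: a Rails-free model of the README's DSL
# so its rules can be evaluated offline. Account, RoleRules, allowed? and
# access_matrix are names chosen for this demo.

# Stand-in for the account model; groups are in-memory structs, not ActiveRecord.
class Account
  Group = Struct.new(:name, :context)
  attr_reader :groups, :suspended
  def initialize(groups = [], suspended: false)
    @groups = groups.map { |name, ctx| Group.new(name, ctx) }
    @suspended = suspended
  end
  # Only groups whose context is 'role' count; a 'team' group named admin is no role.
  def roles
    groups.select { |g| g.context == 'role' }
  end
  # Normalise both sides so grant_access_to "Editor" and has_role?(:editor) agree.
  def has_role?(role)
    roles.map { |g| g.name.downcase.to_sym }.include?(role.to_s.downcase.to_sym)
  end
end

# Class-level DSL: rules collect per controller class, are inherited by subclasses
# and are evaluated deny-by-default in allowed?.
module RoleRules
  Rule = Struct.new(:roles, :only, :except, :if_proc, :unless_proc, :public_rule) do
    # Live when :only/:except admit the action and :if/:unless (modelled here as
    # Procs receiving the role player) do not veto it.
    def live_for?(action, player)
      return false if only && !only.include?(action)
      return false if except && except.include?(action)
      return false if if_proc && !if_proc.call(player)
      return false if unless_proc && unless_proc.call(player)
      true
    end
  end

  def grant_access_to(roles, opts = {})
    own_rules << Rule.new(Array(roles), actions(opts[:only]), actions(opts[:except]),
                          opts[:if], opts[:unless], false)
  end
  def all_access_to(opts = {})
    own_rules << Rule.new([], actions(opts[:only]), actions(opts[:except]), nil, nil, true)
  end
  def skip_role_system; @skip_role_system = true; end
  def own_rules;        @own_rules ||= [];        end
  def rules
    ancestors.grep(Class).select { |k| k.respond_to?(:own_rules) }.flat_map(&:own_rules)
  end

  # Allowed only if a class in the chain skips the role system, a public rule covers
  # the action, or a live grant names a role the player has. A nil player (nobody
  # logged in) reaches public actions only.
  def allowed?(player, action)
    action = action.to_sym
    return true if ancestors.grep(Class).any? { |k| k.instance_variable_get(:@skip_role_system) }
    return true if rules.any? { |r| r.public_rule && r.live_for?(action, player) }
    return false if player.nil?
    rules.any? do |r|
      !r.public_rule && r.live_for?(action, player) && r.roles.any? { |role| player.has_role?(role) }
    end
  end

  private
  def actions(list); list && Array(list).map(&:to_sym); end
end

class ApplicationController; extend RoleRules; end

class MixedRoleAccessController < ApplicationController
  grant_access_to :content_editor, :only => [:new, :create]
  grant_access_to :admin,          :only => [:destroy]
  grant_access_to :editor,         :except => :destroy
end

class AdminOnlyController < ApplicationController; grant_access_to "admin"; end
class PublicController < AdminOnlyController; skip_role_system; end

class MixedAuthController < ApplicationController
  all_access_to :only => [:everybody_allowed]
  grant_access_to [:admin]
  # A suspended moderator keeps the role row, but the grant no longer applies.
  grant_access_to :moderator, :only => [:flag], :unless => ->(p) { p.suspended }
end

# Constructed sample accounts for the demo.
ACCOUNTS = {
  content_editor: Account.new([['content_editor', 'role']]),
  admin:          Account.new([['Admin', 'role']]),
  editor:         Account.new([['editor', 'role']]),
  fake_admin:     Account.new([['admin', 'team']]),  # wrong context: not a role
  moderator:      Account.new([['moderator', 'role']]),
  suspended_mod:  Account.new([['moderator', 'role']], suspended: true),
  nobody:         nil,                               # no role player set
}

# { action => [labels of accounts allowed] }; diff this in CI when grants change.
def access_matrix(controller, actions, accounts = ACCOUNTS)
  actions.each_with_object({}) do |action, matrix|
    matrix[action] = accounts.select { |_, acct| controller.allowed?(acct, action) }.keys
  end
end

puts access_matrix(MixedRoleAccessController, %i[new create publish destroy]).inspect
```

Running the file prints who may reach each action of MixedRoleAccessController. Two things are worth noticing: an account whose only "admin" group has a non-role context gets nothing, and a nil role player (nobody logged in) reaches only actions covered by all_access_to or a controller that calls skip_role_system.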
  

Extra Credit

This plugin was originally developed for the excellent website Newstrust, which graciously
gave me permission to make it open source.

About NEWSTRUST

NewsTrust helps people find good journalism online. Our free website
features a daily feed of quality news and opinion from independent and
mainstream sources, based on ratings from our reviewers:
http://www.newstrust.net

We rate the news based on quality, not just popularity. Our web review
tools enable our members to evaluate fairness, evidence, sourcing and
other core journalistic principles. NewsTrust is non-profit,
non-partisan and encourages both news literacy and civic engagement. Our
mission is to help citizens make more informed decisions about our
democracy.

It’s a great way to get “news you can trust” all in one place. To find
out more, check our About page: http://www.newstrust.net/about/

Copyright © 2008 RoleSystem Mark Daggett, released under the MIT license
