RoleSystem
The RoleSystem grants or denies access to controllers methods based on membership to role
groups. The group model has a context attribute, which when set to ‘role’
will appear in the member’s list or roles
This implementation derives some inspiration from Tim Charper’s Role Requirement System
Include this in your ApplicationController to make the RoleSystem available for all controllers.
Example
Here is a hypothetical example of how a model can be created to have roles.
@group = Group.create_with(:name => 'admin', :description => 'admin role', :context => 'role')
@member.groups << @group
@member.roles => [:admin]
before_filter { |controller| controller.role_player = :current_user }
grant_access_to "editor" # editors are allowed
grant_access_to "admin", :only => :destroy # Editors can create but not destroy
class MixedRoleAccessController < ApplicationController
# Content Editor can only access the "new" action
grant_access_to :content_editor, :only => [:new, :create]
# Admin has access to only "destroy" but not "new", "publish" or "create"
grant_access_to :admin, :only => [:destroy]
# Editor has access to "new", "publish" and "create" but not "destroy"
grant_access_to :editor, :except => :destroy
def new;end
def create;end
def publish;end
def destroy;end
end
class PublicController < AdminOnlyController
skip_role_system
end
class MixedAuthenticatedNonAuthenticatedActionsController < MockApplicationController
all_access_to :only => [:everybody_allowed]
grant_access_to [:admin]
def admin_only;end
def everybody_allowed;end
end
Valid Options
- :only – Only require the role for a specific actions
- :except – The role is required for all but the specificed action(s)
- :if – A Proc or string to evaluate; a result of true means the role is required.
- :unless – The opposite of if
Example Account Model Methods
The Role System expects that the account model includes a has_role? method, which is used
to determine available roles.
def roles
groups.find(:all, :conditions => "context = 'role'")
end
def has_role?(role)
roles.map{ |g| g.name.downcase.to_sym }.include?(role)
end
Extra Credit
This plugin was originally developed for the excellent website Newstrust, which graciously
gave me permission to make it open source.
NEWSTRUST
AboutNewsTrust helps people find good journalism online. Our free website
features a daily feed of quality news and opinion from independent and
mainstream sources, based on ratings from our reviewers:
http://www.newstrust.net
We rate the news based on quality, not just popularity. Our web review
tools enable our members to evaluate fairness, evidence, sourcing and
other core journalistic principles. NewsTrust is non-profit,
non-partisan and encourages both news literacy and civic engagement. Our
mission is to to help citizens make more informed decisions about our
democracy.
It’s a great way to get “news you can trust” all in one place. To find
out more, check our About page: http://www.newstrust.net/about/
Copyright © 2008 RoleSystem Mark Daggett, released under the MIT license