Skip to content

Role-based authentication on controller actions, centrally configured

License

Notifications You must be signed in to change notification settings

shouya/cant_cant_cant

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CantCantCant

Build Status Gem Version Ruby Doc

I want an authentication library to:

  • be light weight and simple, working in a controllable way;
  • be role based, where roles and users are multiple-to-multiple relation;
  • apply on controller actions;
  • have access control in a single configuration file;
  • be able to export a list of permissions for roles

So CanCan[Can] just can't satisfy my requirement. And then CantCantCant is the wheel invented for above purposes.

Installation

Add the following line to your Gemfile and execute bundle.

gem 'cant_cant_cant'

Then run:

$ rails generate cant_cant_cant:install

to generate the config and the initializer.

To get authentication works, you have to adjust config/cant_cant_cant.yml for your own need.

After all you need to tell CantCantCant how to acquire your current role(s). Modify the code in config/initializers/cant_cant_cant.rb.

CantCantCant will raise an exception on unauthorized access. In order to handle the error yourself, take a look on the related code in config/initializers/cant_cant_cant.rb.

Usage

You're done. There is no need to configure more in any of your controllers.

Note that live reloading is not supported yet; it means you'll need to restart your server after modifying your actions/controllers/config to take effect. Live reloading can be enabled by setting config.caching = false to force CantCantCant load your permission file without caching them.

If you need to acquire a list of actions that given roles have access to, just call CantCantCant.allowed_actions_for(roles).

Configuration

The configuration is located in config/cant_cant_cant.yml. The path to configuration file can be modified in the initializer.

The configuration is a YAML document that looks like:

user: &default_permissions
  test#public: allow
  test#admin_only: deny
  test#no_access: deny

admin:
  <<: *default_permissions
  test#admin_only: allow

Initializer

You can adjust the initializer as you want, the only thing to notice is that you need to call CantCantCant.initialize before making any request, otherwise the authentication won't take effect.

CantCantCant need a current_roles method, you should implement it by your own according to the template, either in the initializer or in your own ApplicationController. You can also handle the PermissionDenied exception in the same way.

Using rails generate cant_cant_cant:install, the template will be generated for you in the initializer.

class ActionController::Base
  # Write your own handler
  rescue_from CantCantCant::PermissionDenied do
    render plain: 'permission denied', status: 403
  end

  # Write your own method to return the roles for current user
  def current_roles
    return [] unless defined? current_user
    return [] if current_user.empty?

    current_user.roles
  end
end

License

The gem is available as open source under the terms of the MIT License.

About

Role-based authentication on controller actions, centrally configured

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages