Wiki pages (download and usage instructions) and discussion area can be found at the Authorization plugin area of Google Code.
Git repository can be found here.
This plugin provides a flexible way to add authorization to Rails.
The authorization process decides whether a user is allowed access to some feature. It is distinct from the authentication process, which tries to confirm a user is authentic, not an imposter. There are many authentication systems available for Rails, e.g., acts_as_authenticated and LoginEngine. This authorization system will play nicely with them as long as some simple requirements are met:
- User objects are available that implement a has_role?(role, authorizable_object = nil) method. This requirement can be easily handled by using acts_as_authorized_user in the User-like class.
- If you want to use "role of model" authorization expressions, like "owner of resource" or "eligible for :award", then your models with roles must implement an accepts_role?(role, user) method. This requirement can be handled by using acts_as_authorizable in the model class.
The authorization plugin provides the following:
- A simple way of checking authorization at either the class or instance method level using permit and permit?.
- Authorization using roles for the entire application, a model class, or an instance of a model (i.e., a particular object).
- Some English-like dynamic methods that draw on the defined roles. You will be able to use methods like "user.is_fan_of angelina" or "angelina.has_fans?", where a 'fan' is only defined in the roles table.
- Pick and choose a mixin for your desired level of database complexity. For all the features, you will want to use "object roles table" (see below).
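
The two-method contract above, sketched in plain Ruby as an added example (not the plugin's own code): only the has_role? and accepts_role? signatures come from this page. RoleTable, Grant, Resource and the rule that a broader grant covers narrower checks are assumptions made for the illustration.

```ruby
# Added illustration in plain Ruby (no Rails, not the plugin's code). Only the
# two method signatures come from the page; all other names are hypothetical.
Grant = Struct.new(:user, :role, :scope) # scope: nil (app), a Class, or an instance
class RoleTable
  def initialize
    @grants = []
  end

  def grant(user, role, scope = nil)
    @grants << Grant.new(user, role.to_s, scope)
  end

  # Deny by default. Assumption of this example: a broader grant covers
  # narrower checks, but an instance grant never satisfies a wider check.
  def granted?(user, role, object)
    @grants.any? do |g|
      next false unless g.user.equal?(user) && g.role == role.to_s
      g.scope.nil? || g.scope.equal?(object) ||
        (g.scope.is_a?(Class) && object.is_a?(g.scope))
    end
  end
end

class User
  def initialize(table)
    @table = table
  end
  # Signature the page requires of user objects.
  def has_role?(role, authorizable_object = nil)
    @table.granted?(self, role, authorizable_object)
  end
end

class Resource
  def initialize(table)
    @table = table
  end
  # Signature the page requires of models that carry roles.
  def accepts_role?(role, user)
    @table.granted?(user, role, self)
  end
end

# Constructed sample data: one instance-level and one class-level role.
TABLE = RoleTable.new
ALICE, BOB = User.new(TABLE), User.new(TABLE)
DOC_A, DOC_B = Resource.new(TABLE), Resource.new(TABLE)
TABLE.grant(ALICE, "owner", DOC_A)        # instance-level role
TABLE.grant(BOB, "moderator", Resource)   # class-level role
```

With this data, ALICE owns DOC_A only: the same role check against DOC_B, or with no object at all, is denied, which is the separation between instance, class and application scope that the list above describes.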



