Rails extension for AccessPolicy. Stores the policy_check_user (default current_user) in a RequestLocalStorage. So it is not needed to pass the user around.
Further more some macros are provided to query permissions and protect actions.
Add this line to your application's Gemfile:
gem 'access_policy_rails'
And then execute:
$ bundle
Or install it yourself as:
$ gem install access_policy_rails
class DummyController < ActionController::Base
# ... typical controller stuff
around_action :wrap_with_transaction # in case AccessPolicy::AuthorizeNotCalledError is raised, better tested in spec's that this does not happen
# instead of
#
# def create
# end
#
# def show
# end
guarded_action :create do
end
guarded_action :show do
end
protected
def wrap_with_transaction
ActiveRecord::Base.transaction do
yield
end
end
end
DummyControllerPolicy = Struct.new(:current_user, :controller) do
def create?
!! (current_user && current_user.create_allowed?)
end
def show?
!! (current_user && current_user.show_allowed?)
end
end
# Query permissions in controller or view
policy_for(an_object).allow?(:create)- Fork it ( http://github.com/slowjack2k/access_policy_rails/fork )
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Add some feature') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request