Usage

copied from <a href="http://code.google.com/p/rolerequirement/">Google Code</a> h2. Summary RoleRequirement focuses on a simple approach to role-based authentication. You don’t have to learn a new language in order to specify roles; instead, RoleRequirement leverages the power of !Ruby to strike a marvelous balance between simplicity and flexibility. Features: <ul> <li>A user can have many roles or one role</li> <li>Full test helpers to make it easy to test your controllers. (<a href="http://code.google.com/p/rolerequirement/wiki/TestingRoleRequirement">examples here</a>)</li> <li>Squeaky clean implementation – don’t repeat yourself!</li> <li>Code generators: spend more time coding and less time wading through installation instructions.</li> </ul> <h2>Usage</h2> Steps to using as easy as 1, 1.5, 2, 3! <h3>1. Install restful_authentication and role_requirement</h3> Install restful_authentication as usual, running your usual ‘script/generate authenticated user sessions’. script/plugin install git://github.com/technoweenie/restful-authentication.git script/generate authenticated user sessions To install role_requirement: script/plugin install git://github.com/timcharper/role_requirement.git <h3>2. Run the generator</h3> script/generate roles Role User (where User is the name of your user model, and Role is the name of the roles model to create.) Note: You’ll need to run rake db:migrate to actually modify the database <a href="http://code.google.com/p/rolerequirement/wiki/WhatTheGeneratorsDo">click here for a list of what the generators do</a> <h3>3. Define your role requirements in your controllers</h3> Only allow administrators to access Users here. class Admin::Users < ApplicationController require_role “admin” … end Require contractor role for everything, and then require admin role to destroy, and only let contractors access listings they have access to: class Admin::Listings < ApplicationController require_role “contractor” require_role “admin”, :for => :destroy # don’t allow contractors to destroy <ol> <li>leverage ruby to prevent contractors from updating listings they don’t have access to. require_role “admin”, :for => :update, :unless => "current_user.authorized_for_listing?(params[:id]) " … end</li> </ol> Other examples: allow everyone to access index, but only admin can access the rest require_role “admin”, :for_all_except => :index allow everyone to access show and index, but only admin can access the rest require_role “admin”, :for_all_except => [:index, :show] Help Here’s how to get help <ul> <li>Browse the Documentation</li> <li>Install the plugin, generate the rdoc’s, and browse from there.</li> <li>post an issue to the issue tracker</li> <li>Fire off a message to the mailing list</li> </ul> Author Tim C. Harper – irb(main):001:0> ( ‘tim_see_harperATgmail._see_om’.gsub(‘see’, ‘c’).gsub(‘AT’, ‘@’) ) 2008-10-11T12:58:42-07:00 66056 usage

24558

Usage

2008-10-11T13:36:51-07:00

25921