”>
Very simple Roles library without any authorization enforcement supporting scope on resource object.
Let’s see an example:
user.has_role?(:moderator, Forum.first) => false # if user is moderator of another Forum
This library was intended to be used with CanCan and devise but should be generic enough to be used by any other authentication/authorization solutions.
-
>= Rails 3.1
-
ActiveRecord ORM or Mongoid
-
supports ruby 1.8/1.9, REE, JRuby and Rubinius
In Rails 3, add this to your Gemfile and run the bundle command.
gem "rolify"
Alternatively, you can install it as a plugin.
rails plugin install git://github.com/EppO/rolify.git
First, create your Role model and migration file using this generator:
rails g rolify:role Role User
Role and User classes are the default. You can specify any Role class name you want. This is completly a new file so any name can do the job. For the User class name, you would probably use the one provided by your authentication solution. rolify just adds some class methods in an existing User class.
If you want to use Mongoid instead of ActiveRecord, follow these instructions, and skip to step #3
Let’s migrate !
rake db:migrate
To define a global role:
user = User.find(1) user.has_role :admin
To define a role scoped to a resource instance
user = User.find(2) user.has_role :moderator, Forum.first
To define a role scoped to a resource class
user = User.find(3) user.has_role :moderator, Forum
That’s it !
To check if a user has a global role:
user = User.find(1) user.has_role :admin # sets a global role user.has_role? :admin => true
To check if a user has a role scoped to a resource instance:
user = User.find(2) user.has_role :moderator, Forum.first # sets a role scoped to a resource instance user.has_role? :moderator, Forum.first => true user.has_role? :moderator, Forum.last => false
To check if a user has a role scoped to a resource class:
user = User.find(3) user.has_role :moderator, Forum # sets a role scoped to a resource class user.has_role? :moderator, Forum => true user.has_role? :moderator, Forum.first => true user.has_role? :moderator, Forum.last => true
A global role overrides resource role request:
user = User.find(4) user.has_role :moderator # sets a global role user.has_role? :moderator, Forum.first => true user.has_role? :moderator, Forum.last => true
Starting from rolify 3.0, you can search roles on instance level or class level resources.
forum = Forum.first forum.roles # => [ list of roles that are only binded to forum instance ] forum.applied_roles # => [ list of roles binded to forum instance and to the Forum class ]
Forum.with_role(:admin) # => [ list of Forum instances that has role "admin" binded to it ] Forum.with_role(:admin, current_user) # => [ list of Forum instances that has role "admin" binded to it and belongs to current_user roles ] Forum.find_roles # => [ list of roles that binded to any Forum instance or to the Forum class ] Forum.find_roles(:admin) # => [ list of roles that binded to any Forum instance or to the Forum class with "admin" as a role name ] Forum.find_roles(:admin, current_user) # => [ list of roles that binded to any Forum instance or to the Forum class with "admin" as a role name and belongs to current_user roles ]
If you have any issue or feature request with/for rolify, please add an issue on GitHub or fork the project and send a pull request.