A multiple role-based authorization, based on controller actions.
The api_authorization gem acts as a middleware and checks if current_user has the right to visit the controller actions. It does so by checking whether the roles of current_user have any relationships with the permissions table.
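To make the check described above concrete, here is an added sketch of a multi-role lookup against controller/action permissions. It is not the gem's own code: the Struct shapes, the authorized? and effective_permissions helpers, and the deny-by-default behaviour are assumptions for illustration, and the sample users are constructed.

```ruby
# Added illustration, not the api_authorization gem's source. The Role and
# Permission shapes and both helper methods are assumptions for this sketch.
require 'set'

Permission = Struct.new(:controller, :action)
Role = Struct.new(:name, :permissions)
User = Struct.new(:email, :roles)

# Deny by default: access is granted only when at least one of the user's
# roles is linked to a permission row for this exact controller/action pair.
def authorized?(user, controller, action)
  return false if user.nil? # unauthenticated request

  wanted = [controller.to_s, action.to_s]
  Array(user.roles).any? do |role|
    Array(role.permissions).any? { |p| [p.controller.to_s, p.action.to_s] == wanted }
  end
end

# Lists every controller#action reachable through any role, which is what
# you want to look at when reviewing what an account can actually do.
def effective_permissions(user)
  Array(user&.roles).flat_map { |r| Array(r.permissions) }
                    .map { |p| "#{p.controller}##{p.action}" }
                    .to_set
end

# Constructed sample data.
READER = Role.new('reader', [Permission.new('posts', 'index'), Permission.new('posts', 'show')])
EDITOR = Role.new('editor', [Permission.new('posts', 'update')])
ALICE  = User.new('alice@example.test', [READER, EDITOR]) # two roles
BOB    = User.new('bob@example.test', [READER])
CAROL  = User.new('carol@example.test', [])               # no roles at all

if __FILE__ == $PROGRAM_NAME
  [[ALICE, 'posts', 'update'], [BOB, 'posts', 'update'], [CAROL, 'posts', 'index']].each do |u, c, a|
    puts "#{u.email} #{c}##{a}: #{authorized?(u, c, a) ? 'allow' : 'deny'}"
  end
end
```

A user with no roles, or whose roles have no matching permission row, is denied in this sketch, so a newly added controller action stays closed until a permission is linked to a role.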
This work has been inspired by a very similar implementation I've worked on with Lorenzo Pagano and Andrea Pavoni. They taught me the Ruby art and I'll be forever grateful for this.
Add this line to your application's Gemfile:
gem 'api_authorization'
And then execute:
$ bundle
Or install it yourself as:
$ gem install api_authorization
- After you have created your users table (through devise or manually), run:
$ rails api_auth:install
- Next, populate the permissions table with your controllers and actions by running:
$ rails api_auth:re_populate_permissions
- Include the Authorization module on your ApplicationController:
include ActionController::Helpers
include ApiAuthorization
enable_role_authorization
- You can create/read/update/delete roles and permissions for the user through CLI commands or by using the dashboard, which depends on the rails_admin gem and which you need to install separately by running:
$ rails api_auth:install_dashboard
- Add rails_admin to your Gemfile:
gem 'rails_admin', '~> 2.0'
- And after running bundle install and starting the rails app, visit:
http://localhost:3000/auth_dashboard
There are two ways to manage your roles and
Feel free to suggest a feature or report a bug.
The gem is available as open source under the terms of the MIT License.