Skip to content

Latest commit

 

History

History
70 lines (60 loc) · 2.34 KB

README.md

File metadata and controls

70 lines (60 loc) · 2.34 KB

Api Authorization (The gem is in development)

A multiple role-based authorization, based on controller actions. api_authorization gem acts as a middleware and checks if current_user has the right to visit the controller actions. It does it by checking the roles of current_user if it has any realationships with permissions table.

This work has been inspired by a very similar implementation I've worked on with Lorenzo Pagano and Andrea Pavoni. They taught me the Ruby art and I'll be forever grateful for this.

Tests License: MIT

Database Model

db_model

Installation

Add this line to your application's Gemfile:

gem 'api_authorization'

And then execute:

$ bundle

Or install it yourself as:

$ gem install api_authorization

Usage

  1. After you have created your users_table(through devise or manually) next run
$ rails api_auth:install
  1. Next populate permissions table with your controllers and actions run:
$ rails api_auth:re_populate_permissions
  1. Include the Authorization module on your ApplicationController :
  include ActionController::Helpers
  include ApiAuthorization
  enable_role_authorization

Make sure that current_user is not nil before putting the snippet above.

  1. You can create/read/update/delete roles and permissions for the user through CLI commands or by using the dashboard which is depended on rails_admin gem you need to install seperately by running:
rails api_auth:install_dashboard
  1. add rails_admin on your Gemfile:
  gem 'rails_admin', '~> 2.0'
  1. And after running bundle instal and starting the rails app visit:
http://localhost:3000/auth_dashboard

Managing Roles and Permissions

There are two ways to manage your roles and

Contributing

Feel free to suggest a feature or report a bug.

License

The gem is available as open source under the terms of the MIT License.