INSTALLATION
gem install acts_as_authoritah
Rails 2.* Add in environemnt.rb
config.gem 'acts_as_authoritah'
Rails 3.* Add in Gemfile
gem 'acts_as_authoritah'
- Creating blog posts. - Editing blog posts. - Commenting on blog posts.
A blog post when first created will be in unpublished state. The post can be published later.
User Roles and capabilities.
-
Author
He can create blog posts He can edit posts He can view blog posts He cannot add comments
-
Registered user (who has signed up and logged-in)
He can view blog posts He can comment on blog posts He cannot create blog posts He cannot edit blog posts
-
anonymous user
He can view blog posts He cannot add comments He cannot create blog posts He cannot edit blog posts
-
admin
unrestricted access to everything.
When post is unpublished
-
Logged-in user (who has signed up)
He cannot comment on blog posts He cannot view blog posts.
-
Create an excel sheet (or download a sample github.com/bangthetable/acts_as_authoritah/blob/master/sample/default.xls) and save it at config/acl/default.xls. When the post is unpublished, there are two rules which are different from the default set of rules. We need to add these two rules alone in config/acl/unpublished.xls github.com/bangthetable/acts_as_authoritah/blob/master/sample/unpublished.xls
-
Add the following line to your User model (or to whichever is your equivalent of User model)
acts_as_authoritah :acl_folder => File.join(RAILS_ROOT,"config","acl")
-
Add ‘include ActsAsAuthoritah’ in ApplicationController
-
ActsAsAuthoritah needs a wrapper around your ‘current_user’ method (name may differ based on the authentication system you use), to make it return an empty User object when user is not logged in.
A sample -
def present_user current_user.to_s == "false" ? User.new : current_user end
-
In your User model, you need to define a ‘usertype’ method which should return the role of that user (same as in the first row of the spreadsheet).
A sample -
def usertype(args={}) return role.name if role return "anonymous" if new_record? return "registered" end
Implementation of usertype method can vary, based on the role-system you are following. Just make sure it always returns role of the user (string), which should match with the roles specified in the first row of the spreadsheet.
-
in Post model
def status published? ? nil : 'unpublished' end
This will be used to let authoritah know when a post in in unpublished state, so that authoritah can override the default rules with those in unpublished.xls
-
For access control of methods in PostController and CommentController, put these two files in lib/access_control/ github.com/bangthetable/acts_as_authoritah/blob/master/sample/comment_controller_access.rb github.com/bangthetable/acts_as_authoritah/blob/master/sample/post_controller_access.rb
-
To make sure that links are shown only to appropriate users, add lines like these in in the views.
<% if present_user.can_post_a_comment?(:context => @post.status) %> <%= link_to 'Add a comment', {:controller => 'comment', :action => 'new', :post_id => @post.id} %> <% end%> -
Thats all - your application is access controlled by ActsAsAuthoritah now.
-
You can grant/revoke access to different features to different roles just by editing the spreadsheets.
-
You can add a new user-role by adding a column in the spreadsheets.
-
If your application needs to have one more context (say, archived posts), you can do that by adding one more spreadsheet called archived.xls.
-
-
Fork the project.
-
Make your feature addition or bug fix.
-
Add tests for it. This is important so I don’t break it in a future version unintentionally.
-
Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but
bump version in a commit by itself I can ignore when I pull)
-
Send me a pull request. Bonus points for topic branches.
Copyright © 2010 Bang The Table. See LICENSE for details.