No PhD

I work for Nature Publishing, but I haven't got a PhD

Simple authorisation gem for Rails


I’ve been looking around for a simple gem to handle basic Rails controller authorisation but I didn’t really get on with any of the maintained gems out there. They mostly rely on additional tables in your DB, cover hundreds of cases I don’t care about and generally seem a lot of effort.

The fruits of this frustration are here. My main aim with authoritah was to provide a simple declarative DSL for specifying your permission rules, which you customise to hook into whatever authentication system you use.

Here’s an example:

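class WidgetController < ApplicationController
  # Each rule names a controller method (:current_user) and the predicate
  # called on its result before the listed actions are allowed to run.
  permits :current_user => :admin?, :to => [:create, :destroy]
  permits :current_user => :logged_in?, :to => :show
end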

Authoritah relies on you providing a method or methods on your controller that result in an object you can query for authorisation information. In these examples we’re following the restful_authentication/authlogic approach of a current_user method that returns the currently logged in user.

At present you can’t just do the following:

class WidgetController < ApplicationController
  # Not supported yet: a bare predicate with no subject method.
  permits :logged_in?
end

which would imply you want the action to be permitted as long as there is a user logged in (i.e. you have a logged_in? method on your controllers). I’ll fix this soon though.
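How a `permits` rule of the kind shown above can be checked against a controller method such as current_user, written as an added plain-Ruby sketch; it is not authoritah's source and does not use Rails. The names PermitsSketch, permitted? and SampleUser are hypothetical, and the handling of actions with no rule and of a nil current_user are assumptions of this sketch.

```ruby
# Added sketch, not authoritah's source: a permits-style DSL in plain Ruby.
# PermitsSketch, permitted? and the sample classes are hypothetical names.
module PermitsSketch
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # permits :current_user => :admin?, :to => [:create, :destroy]
    def permits(rule)
      rule = rule.dup
      actions = Array(rule.delete(:to))
      raise ArgumentError, "permits needs :to" if actions.empty?
      rule.each do |subject, predicate|
        actions.each { |a| (permission_rules[a.to_sym] ||= []) << [subject, predicate] }
      end
    end

    def permission_rules
      @permission_rules ||= {}
    end
  end

  # Assumption of this sketch: an action with no rule is unrestricted, and
  # every rule declared for an action must pass.
  def permitted?(action)
    rules = self.class.permission_rules.fetch(action.to_sym, [])
    rules.all? do |subject, predicate|
      target = send(subject) # e.g. current_user
      # Fail closed: no user, or a user object lacking the predicate, is a denial.
      !target.nil? && target.respond_to?(predicate) && target.public_send(predicate)
    end
  end
end

# Constructed sample objects standing in for a Rails controller and user model.
SampleUser = Struct.new(:admin) do
  def admin?; admin; end
  def logged_in?; true; end
end

class WidgetController
  include PermitsSketch
  permits :current_user => :admin?, :to => [:create, :destroy]
  permits :current_user => :logged_in?, :to => :show

  attr_reader :current_user
  def initialize(user); @current_user = user; end
end
```

In a Rails controller the same check would run in a filter before the action and halt the request when it returns false.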

For more information see the gem's home at


Written by spanx

27th September, 2009 at 5:15 pm

Posted in Code
