June 03, 2008 by alex
We have again released a new plugin. Continuing the series of completely original names it’s called totally restful authorization.
The exec summary: you can declaratively add permissions to your (ActiveRecord) models for creating, viewing, updating and destroying them. A set of before filters automagically checks all incoming requests on your restful controllers for the permission and grants or denies access based on the permissions declared on the respective model.
Now with Rails 2.1 out all you have to do is
script/plugin install git://github.com/langalex/totally-restful-authorization.git.
Include he PermissionCheck Module into the controllers you want to be checked or simply into the ApplicationController to secure your entire application.
Second, declare permissions on your model using the built in domain specific language.
That’s it. From now on all requests will be checked against your model permissions and be blocked if the authorization fails. For more details see the README and the unit tests. (Btw. if anyone has a good idea on how to replace the controller tests with RSpec specs, i.e. get controller specs working in a plugin please tell me)