search

nathanl / authority

*CURRENTLY UNMAINTAINED*. Authority helps you authorize actions in your Rails app. It's ORM-neutral and has very little fancy syntax; just group your models under one or more Authorizer classes and write plain Ruby methods on them.
MIT License
1.21k stars 67 forks source link

authorize controller without resources ? #66

Closed gagalago closed 10 years ago

gagalago commented 10 years ago

Is it possible to authorize a controlleur without a resource ?

For example, I have a PrivateController which has in index the summary table of all the administrative resources. I would like to allow administrators and managers to access this page.

the authorizer is easy :

class PrivateAuthorizer < ApplicationAuthorizer
  def self.readable_by?(user)
    user.has_any_role?(:admin, :manager)
  end
end

What should I put in the controller to use this authorizer. As I do not realy have model resources associated with my controller, I do not know what I have to put in authorize_action_for.

nathanl commented 10 years ago

Take a look at the wiki here: https://github.com/nathanl/authority/wiki/Using%20Authority%20on%20Controllers%20that%20don%27t%20have%20a%20resource

You might also find the generic "can?" method useful: https://github.com/nathanl/authority#the_generic_can

Let me know if you're still unsure what to do.

gagalago commented 10 years ago

yes thanks. I had not seen that there was a wiki. It might be helpful to the wiki in evidence at the top of readme ?

nathanl commented 10 years ago

Wikis are a standard feature of Github repos, so there is a link on the project homepage. But there are a lot of links, so if you don't know to look for it, it's not obvious.

Glad you got an answer. Enjoy using Authority! :)