RubyFlow The Ruby and Rails community linklog


Fat Model Auth - Flexible Authorization

Fat Model Auth has become an essential in my Rails projects.

Keep the controllers simple:

before_filter :auth_required

View:

<% if allowed_to? :edit_or_destroy => @article -%>

Conditions are delegated to the model. Changing the rules later requires no changes to your controllers or views. Useful when dealing with state:

# lambda rather than proc: on Ruby 1.9+ a `return` inside a plain proc
# raises LocalJumpError instead of ending the rule.
allows :show,
  :if => lambda {|article, user|
    return false if article.marked_as_deleted?
    return true if user == article.author
    article.published?
  }
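
The pattern described above, as an added sketch that is not Fat Model Auth's own code: the rule lives on the model and every caller asks the model, with anything unrecognised denied. `ModelRules`, `allowed?`, `User` and this `Article` class are hypothetical stand-ins written for illustration.

```ruby
# Added example: ModelRules, allowed? and the sample classes are hypothetical
# stand-ins, not Fat Model Auth's own code or API.
module ModelRules
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    def rules
      @rules ||= {}
    end

    # Register one condition for one or more actions.
    def allows(*actions, **options)
      condition = options.fetch(:if)
      actions.each { |action| rules[action.to_sym] = condition }
    end
  end

  # Deny by default: an unknown action, a missing user, a rule that raises,
  # or any result other than literal true all mean "not allowed".
  def allowed?(action, user)
    rule = self.class.rules[action.to_sym]
    return false if rule.nil? || user.nil?
    rule.call(self, user) == true
  rescue StandardError
    false
  end
end

User = Struct.new(:name)

class Article
  include ModelRules
  attr_reader :author
  def initialize(author, published: false, deleted: false)
    @author, @published, @deleted = author, published, deleted
  end
  def published?; @published; end
  def marked_as_deleted?; @deleted; end

  # lambda rather than proc, so `return` exits only the rule itself.
  allows :show, :if => lambda { |article, user|
    return false if article.marked_as_deleted?
    return true if user == article.author
    article.published?
  }
  allows :edit, :destroy, :if => lambda { |article, user| user == article.author }
end
```

Because controllers and views only ever call `allowed?`, tightening the `:show` rule changes behaviour everywhere at once, and an action with no registered rule is refused rather than silently permitted.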

Comments

Something has been lost in the view code example, it should be:

if allowed_to? :edit_or_destroy => @article

enclosed in the usual haml/erb tags.

Smaller summary next time so other articles fit on the page please.

Will do. I think it would be better if there was a summary that appeared on the listing, and more info on a detail page. It might also be cool to allow editing after it's created.

I also noticed a bug: if the post fails validation, rel=nofollow is added recursively. I was struggling to figure out why I could not get the post under the character limit.

It also might be cool to notify the author of comments.

Just some ideas.
