19 Nov 2007
Sexy DSL for Active Record Permissions
Author: ceefour | Filed under: Cool, Enterprise, Opinions, Praises, Rails, Ruby, Tips, ToolsRobert Thau from Smartleaf proposes a cool idea for implementing DSL for use in Active Record permissions. It makes it easy for a lot of users to have access rights and very exciting at the same time…
This is the Tease….
class Order < ActiveRecord::Base access_control_keys ['id', 'owner_id', 'paid'] require_privilege :place, :for_action => :create, :to_update_attribute => [:payment_authenticator, :paid] require_privilege :edit, # LineItem also checks this for attr changes :to_associate_as => ['LineItem#order'], :to_dissociate_as => ['LineItem#order'], :to_update_attribute => [ :shipping_address ] require_privilege :ship, :to_update_attribute => :shipped ... end
The implementation:
- Data model
- Checking privileges: does user x have privilege y on this order?
- Finding all orders where user x has privilege y
- Adding privilege checks in interesting places…
- On events: create, update…
- On attribute sets
- For associations
It’s just Ruby! Class variables and class methods:
- All declared privileges (for choosers in the UI)
- Dual-keyed hash: reflected_privilege[type][key]
- … e.g., reflected_privilege[:read_attribute][attr]
- … e.g., reflected_privilege[:associate][assoc_key]
- Class helpers (permits_update_attr?, etc.) just read the hash, and do the appropriate check.
http://www.smartleaf.com/rst/perm_present/perm_present.html
No downloadable code (yet), but still cool 
No related posts.
Related posts brought to you by Yet Another Related Posts Plugin.
-
StevenT
-
Robert Thau
-
himachie
-
Vince