Robert Thau from Smartleaf proposes a cool idea for implementing DSL for use in Active Record permissions. It makes it easy for a lot of users to have access rights and very exciting at the same time…

This is the Tease….

class Order < ActiveRecord::Base

  access_control_keys ['id', 'owner_id', 'paid']

  require_privilege :place,
    :for_action => :create,
    :to_update_attribute => [:payment_authenticator, :paid]

  require_privilege :edit,      # LineItem also checks this for attr changes
    :to_associate_as  => ['LineItem#order'],
    :to_dissociate_as => ['LineItem#order'],
    :to_update_attribute => [ :shipping_address ]

  require_privilege :ship,       :to_update_attribute => :shipped

  ...

end

 

The implementation:

• Data model
• Checking privileges: does user x have privilege y on this order?
• Finding all orders where user x has privilege y
• Adding privilege checks in interesting places…
  • On events: create, update…
  • On attribute sets
  • For associations

It’s just Ruby! Class variables and class methods:

• All declared privileges (for choosers in the UI)
• Dual-keyed hash: reflected_privilege[type][key]
• … e.g., reflected_privilege[:read_attribute][attr]
• … e.g., reflected_privilege[:associate][assoc_key]
• Class helpers (permits_update_attr?, etc.) just read the hash, and do the appropriate check.

Read more on:

 

http://www.smartleaf.com/rst/perm_present/perm_present.html

No downloadable code (yet), but still cool

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

This entry was posted on Monday, November 19th, 2007 at 10:49 am and is filed under Cool, Enterprise, Opinions, Praises, Rails, Ruby, Tips, Tools. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.