Wednesday, March 12, 2014

User Authorization with Rolify and Cancan

Step 1: Installation

In Rails 3, add this to your Gemfile and run the bundle command.

In /Gemfile,

gem 'rolify'
gem 'cancan'

$ bundle install

Step 2: Generate Role Model

First, create your Role model and migration file using this generator:

$ rails g rolify Role User

Role and User are the default class names. You can give the Role class any name you want: it is a completely new file, so any name will do. For the User class name you would normally use the one provided by your authentication solution, since rolify only adds some class methods to an existing User class.

Step 3: Run the migration (only required when using ActiveRecord)

Let's migrate!

$ rake db:migrate

Step 4: Configure your resource models

In the resource models you want to apply roles on, just add the resourcify method. For example, on this ActiveRecord class:

In /app/models/post.rb,

class Post < ActiveRecord::Base
  resourcify

  # the other associations...
end

Step 5: Adding Associations to Role and User Models

In /app/models/user.rb,

class User < ActiveRecord::Base
  rolify

  devise :database_authenticatable, :registerable,
         :rememberable, :trackable, :validatable

  attr_accessible :email, :password, :password_confirmation, :remember_me

  attr_accessor :current_role
end

Step 6: Define Abilities

User permissions are defined in an Ability class. CanCan 1.5 includes a Rails 3 generator for creating this class.

$ rails g cancan:ability

Step 7: Define Roles and Abilities using Cancan

In /app/models/ability.rb,

class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest (not logged in) user, in case you need one

    if user.has_role? :blog_owner
      can :manage, :all
    else
      if user.has_role? :writer
        can :create, Post
        can :read, Post
        can :update, Post
        can :delete_tags, Post
        can :delete_labels, Post
        cannot :destroy, Post

        can :create, Comment
        can :destroy, Comment

        can :manage, Tag

        cannot :manage, Author
      end

      # CanCan applies the last matching rule, so this :read on :all also
      # lets writers read Author even though they cannot :manage it
      can :read, :all

      can :add_favourite, Post
      can :delete_favourite, Post
    end
  end
end
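
To check what those rules actually grant to each role, here is an added example (not code from this post or from the CanCan gem): a small stand-alone Ruby model of CanCan's rule resolution loaded with the same rule set. The MiniAbility class, the symbol subjects standing in for the model classes, and the role arrays are assumptions of this example.

```ruby
# Constructed stand-alone model of CanCan's rule resolution (the gem is
# not loaded): the last matching rule wins, :manage matches every action
# and :all matches every subject. Action aliases (:read covering :index
# and :show, etc.) are omitted, and subjects are symbols, not models.
Rule = Struct.new(:allow, :action, :subject)

class MiniAbility
  # Same rules as app/models/ability.rb above; roles is an array of symbols.
  def initialize(roles)
    @rules = []
    if roles.include?(:blog_owner)
      can :manage, :all
    else
      if roles.include?(:writer)
        can :create, :post
        can :read, :post
        can :update, :post
        can :delete_tags, :post
        can :delete_labels, :post
        cannot :destroy, :post
        can :create, :comment
        can :destroy, :comment
        can :manage, :tag
        cannot :manage, :author
      end
      can :read, :all
      can :add_favourite, :post
      can :delete_favourite, :post
    end
  end

  def can(action, subject)
    @rules << Rule.new(true, action, subject)
  end

  def cannot(action, subject)
    @rules << Rule.new(false, action, subject)
  end

  # Scan from the last rule backwards; the first match decides.
  def can?(action, subject)
    match = @rules.reverse.find do |r|
      (r.action == :manage || r.action == action) &&
        (r.subject == :all || r.subject == subject)
    end
    match ? match.allow : false
  end
end
```

MiniAbility.new([:writer]).can?(:read, :author) returns true because the later `can :read, :all` outranks the earlier `cannot :manage, Author`, while can?(:update, :author) and can?(:destroy, :post) return false. A guest (empty role list) can read everything but cannot create or destroy anything.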

In /app/models/role.rb,

class Role < ActiveRecord::Base
  attr_accessible :name
end

Step 8: Populating the Database with seeds.rb

In /db/seeds.rb,

Author.create([{ name: 'Joseph' }, { name: 'Dhendy' }, { name: 'Kirby' }])

Role.create([{ name: 'blog_owner' }, { name: 'writer' }])

user = User.create(email: 'owner@kirby.com', password: '1234567890')
user.add_role :blog_owner

user = User.create(email: 'writer@kirby.com', password: '1234567890')
user.add_role :writer

$ rake db:seed

EppO/rolify · GitHub
ryanb/cancan · GitHub