GateKeeper, Model Level Permissions Management

I'm pleased to announce the official release of "GateKeeper".

GateKeeper is a Rails plugin that provides easy-to-use methods to declare access permissions to instances of ActiveRecord classes at the model level. Permissions may be based on either a user's roles (such as Admin, Moderator, etc.) or on associations with other models.

In most simple and straightforward Rails projects, scoping your finds through has_many associations is probably sufficient for ensuring that users can't get at data they aren't supposed to. For example, a show action might simply call "@note = User.current.notes.find(params[:id])" to ensure that the current user owns the note they're trying to read, or it won't even find it.

However, things quickly get more difficult when users need limited access to other users' objects based on different roles (such as Admin, Moderator, Premium Subscriber, Employee of the Month, etc.), or based on their relationship with the object's owner (such as Owner, Supervisor of the Owner, etc.). You might want to allow a variety of people to read certain objects based on a variety of different roles and relationships, and only allow a subset of those people to update or destroy the same objects.

GateKeeper makes this absurdly easy to set up and maintain by allowing you to simply make declarations right in your model like...

    createable_by_my_author
    crudable_by_admin
    readable_by_premium_member :if => :published?
    updateable_by_boss_of_my_author :unless => lambda {|article| article.draft_number < 3 }
    readable_as_my_parent

If a user on your site tries to perform an action on an instance of any ActiveRecord model, and permission to perform that action hasn't been explicitly granted to that user via a declaration like the samples above, then the action is canceled and an error is raised.

GateKeeper also provides an option to do permission scoping on finds, automatically removing records from arrays returned by ActiveRecord finders that the current user doesn't have permission to read. This is disabled by default, and a permission error is raised if a finder returns an object the user doesn't have permission to read.

More Info Here: http://5valleys.com/posts/show/34
Online Documentation/Installation Instructions Here: http://gatekeeper.rubyforge.org/

Feedback and Questions strongly encouraged.
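As an added illustration, not GateKeeper's own code and not part of the announcement, here is a minimal Ruby sketch of the pattern the declarations above describe: model-level grants keyed on roles and associations, `:if`/`:unless` conditions, a fail-closed check that raises when no grant matches, and the filter-or-raise scoping of finder results. The `Permits` module and the `grant`, `authorize!` and `scope_read` names are assumptions for this example.

```ruby
# Added illustration of the fail-closed, declarative model-level permission pattern
# described above. Not GateKeeper's code: Permits, grant, authorize! and scope_read
# are assumed names standing in for the plugin's declarations.
class PermissionDenied < StandardError; end
module Permits
  ACTIONS = [:create, :read, :update, :destroy]
  def self.included(base); base.extend(ClassMethods); end
  module ClassMethods
    def grants; @grants ||= []; end
    # Users for whom rule.call(record, user) is true may perform `actions`,
    # gated by an optional :if / :unless (a record method name or a lambda).
    def grant(actions, opts = {}, &rule)
      Array(actions).each { |a| grants << [a, rule, opts[:if], opts[:unless]] }
    end
  end

  # Fail closed: an action is permitted only if some grant explicitly matches.
  def permitted?(action, user)
    self.class.grants.any? do |a, rule, if_c, unless_c|
      a == action && rule.call(self, user) &&
        (if_c.nil? || condition(if_c)) && (unless_c.nil? || !condition(unless_c))
    end
  end

  def authorize!(action, user)
    return self if permitted?(action, user)
    raise PermissionDenied, "#{user.name} may not #{action} #{self.class}"
  end

  # Scoping on finds: drop unreadable records, or (the default the post
  # describes) raise on the first record the current user may not read.
  def self.scope_read(records, user, filter = false)
    return records.select { |r| r.permitted?(:read, user) } if filter
    records.each { |r| r.authorize!(:read, user) }
  end
  def condition(c); c.respond_to?(:call) ? c.call(self) : send(c); end
end

User = Struct.new(:name, :roles, :boss)
class Article
  include Permits
  attr_reader :author, :draft_number
  def initialize(author, published, draft_number)
    @author, @published, @draft_number = author, published, draft_number
  end
  def published?; @published; end
  grant(:create)                   { |art, u| u == art.author }                   # createable_by_my_author
  grant(Permits::ACTIONS)          { |art, u| u.roles.include?(:admin) }          # crudable_by_admin
  grant(:read, :if => :published?) { |art, u| u.roles.include?(:premium_member) } # readable_by_premium_member
  grant(:update, :unless => lambda { |art| art.draft_number < 3 }) { |art, u| u == art.author.boss } # updateable_by_boss_of_my_author
end
```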

I put the gate_keeper folder in the vendor directory and restarted my IDE (Eclipse), and I get an error:

private method `find' called for ServiceDeskStatus:Class

Here ServiceDeskStatus is one of my ActiveRecord classes.

The error occurred in the view, at:

select("sd_ticket", "service_desk_status_id", ServiceDeskStatus.find(:all).collect {|p| [ p.name, p.id ] },options ={:prompt => "<< Select any >>"})

What would be the cause of this? I am using Rails 1.2.5 and Ruby 1.8.6.

Thanks in advance, Sijo

Sijo Kg wrote:

> I put the gate_keeper folder in the vendor directory and restarted my IDE (Eclipse), and I get an error:
>
> private method `find' called for ServiceDeskStatus:Class
>
> Here ServiceDeskStatus is one of my ActiveRecord classes.
>
> The error occurred in the view, at:
>
> select("sd_ticket", "service_desk_status_id", ServiceDeskStatus.find(:all).collect {|p| [ p.name, p.id ] },options ={:prompt => "<< Select any >>"})
>
> What would be the cause of this? I am using Rails 1.2.5 and Ruby 1.8.6.
>
> Thanks in advance, Sijo

Hmmm... Well, for starters, it probably would have been good of me to mention that GateKeeper was built for Rails 2.0.2 and I haven't tested it on versions prior to that. So, it might just not be compatible. Based on what you gave above, that's my strong suspicion. I'll add a comment to the online docs to warn people about that and hopefully save somebody a headache or two.