Authorizer is a gem that enables you to authorize on a per-object basis. For example, on a private blog, one user could be ‘editor’ of one blog post, where another user is merely a ‘reader’ of the same post. Authorizer also has a ‘find’ method that lists the objects that belong to a certain user. This merely maps to ActiveRecord::Base.find, so hardly any syntax difference.
u1 = User.first
u2 = User.last
p = Post.create!( :name => “This is my post”, :body => “This is a long story about my post …” )
Authorizer::Base.authorize_user( :object => p, :user => u1 ) # Now u1 is authorized to this object
Authorizer::Base.find(“Post”, :first, nil, :user => u1) # => p
Authorizer::Base.find(“Post”, :first, nil, :user => u2) # => nil
The gem does everything I need it to do for myself. However, I believe it could do so much more since virtually every app needs to have some form of authorization.
If you are in the midst of rolling your own auth solution, or happen to be looking for such a thing, maybe check out Authorizer and we could pimp it to meet the needs of more people out there.
All the best,