User AC engine
The User Access Control engine is the latest engine provided by CanTango. It lets you specify persisted permissions on a per-user (or per-account) level, stored in the data store (or DB) of your choice. The engine is based on the permission system from the Rails in Action book.
To generate the Permission model, use the built-in cantango:permission generator:
$ rails g cantango:permission User
Follow the instructions printed by this generator to modify the Permission model to something like this:
class Permission < ActiveRecord::Base
  belongs_to :user
  belongs_to :thing, :polymorphic => true
end
The Permission candidate (typically a User model) has the following requirements:
For performance optimization, you must define a callback that recalculates #permissions_hash any time this collection changes. This makes it much faster to determine whether the cached permission rules can be used.
You must also define a method #all_permissions that returns the collection of all the permissions for the user. This is needed because, depending on the ORM chosen, calling permissions directly will in some cases not return this array but a derivative of it (e.g. a relation/query object on which you must call #all).
class User < ActiveRecord::Base
  has_many :permissions
  after_update :recalculate_permissions_hash

  # memoized fingerprint of the permissions collection
  def permissions_hash
    @permissions_hash ||= permissions.hash
  end

  # allows an ORM-specific implementation, e.g. using #all on datastores such as Mongoid
  alias_method :all_permissions, :permissions

  protected

  # invalidate the hash when the underlying collection has changed
  # (has_many does not generate permissions_changed?; the model must define it)
  def recalculate_permissions_hash
    @permissions_hash = nil if self.permissions_changed?
  end
end
See the specs for an example of this configuration, using a generic model. A full AR example will soon be included as well.
Alternative ORM example (Mongoid):
class User
  include Mongoid::Document
  #...

  def all_permissions
    permissions.all
  end
end
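The #permissions_hash requirement above matters for correctness as well as speed: if the fingerprint is not refreshed when a permission is removed, rules cached for the old set keep granting access. The following added example (not CanTango code) shows the invalidation in plain Ruby; DemoUser, grant, revoke, can? and the Permission `action` field are assumptions made for illustration.

```ruby
require "digest"
require "json"

# Constructed stand-in for the Permission model. `action` is an assumed column;
# thing_type/thing_id mirror the polymorphic :thing association.
Permission = Struct.new(:action, :thing_type, :thing_id)

class DemoUser # hypothetical plain-Ruby permission candidate, no ORM involved
  attr_reader :rule_builds

  def initialize(permissions = [])
    @permissions = permissions.dup
    @rule_builds = 0
  end

  def all_permissions
    @permissions.dup
  end

  # Every mutation drops the memoized fingerprint, so a revocation can never
  # be hidden behind rules cached for the old permission set.
  def grant(permission)
    @permissions << permission
    @permissions_hash = nil
  end

  def revoke(permission)
    @permissions.delete(permission)
    @permissions_hash = nil
  end

  # Order-independent digest of the permission contents.
  def permissions_hash
    @permissions_hash ||= Digest::SHA256.hexdigest(JSON.generate(tuples.sort))
  end

  def can?(action, thing_type, thing_id)
    unless @cached_for == permissions_hash # rebuild only when the set changed
      @rules = tuples
      @cached_for = permissions_hash
      @rule_builds += 1
    end
    @rules.include?([action.to_s, thing_type.to_s, thing_id.to_s])
  end

  private
  def tuples
    all_permissions.map { |p| [p.action.to_s, p.thing_type.to_s, p.thing_id.to_s] }
  end
end
```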