Authentication options get a lot of press these days, but there is another Auth that can still be a pain: Authorization. ACLatraz from Kriss Kowalik caught our eye because it’s inspired by *nix Access Control Lists (ACLs), powered by Redis, and has a sense of humor.
Install ACLatraz via Ruby gems
gem install aclatraz
and configure your Redis-based storage
Aclatraz.init :redis, "redis://localhost:6379/0"
Everyone is a
In keeping with the Alcatraz theme, actors in your authorization system are deemed
class Account < ActiveRecord::Base include Aclatraz::Suspect end
ACLatraz supports global, class-related, and object-related roles:
# global admin role @account.roles.assign(:admin) # or ... @account.is.admin! # Page class-related role @account.roles.assign(:responsible, Page) # or... @account.is.responsible_for!(Page) # object-related role for page 15 @account.roles.assign(:author, Page.find(15)) # or... @account.is.author_of!(Page.find(15))
Once, assigned you can interrogate your suspects a couple of ways using
@account.roles.has?(:admin) # => true @account.roles.has?(:responsible, Page) # => true @account.roles.has?(:author, Page.find(15) # => true
… or the more natural semantic shortcuts:
@account.is_not.admin? # => false @account.is_not.responsible_for?(Page) # => false
Guarding The Rock
To enable access control on an object, include the
class Page include Aclatraz::Guard suspects :account do deny all # notice that it's a method, not symbol allow :admin end end
Check the README for even more features including custom actions, aliases, and class inheritance.