This gemmable plugin is used to add granular permissions to your existing ActiveRecord models via the ‘acts_as_ninja_accessible’ class method.
The gem adds models and behaviour that allow you to group users who share a particular permission set.
To enable this your app must have a User model.
Your app will need to grant permissions for your individual models instances to control who can view, edit, destroy or extend them.
These permissions can be granted to individual users or groups, and this process is facilitated by the instance methods that are dynamically added to your models through this plugin.
Each instance of your ninja_accessible model will have the following instance methods available:
-is_viewable_by?(user) -is_editable_by?(user) -is_deleteable_by?(user) -is_extendable_by?(user)
Deciding how and when your ninja_accessible instance has permissions granted is up to you. For example, you may chose to set these permission on creation of the instance, or at some other point in the future. This gem does not concern itself with when or why instances should be accessible to different users, however, the plugin does offer a set of methods that should be used when you want to set permissions on your instance:
-grant_permission_to_group(action, group) *action is a symbol defining one of the pre-defined supported actions (i.e. :view, :edit, :delete, :extend) *group is the instance of NinjaAccess::Group to which you want to grant this particular permission -grant_permission_to_groups(action, groups) *action is a symbol defining one of the pre-defined supported actions (i.e. :view, :edit, :delete, :extend) *groups is an iterable collection of the NinjaAccess::Group instances, to whom you want to grant this particular permission -grant_permission_to_user(action, user) *action is a symbol defining one of the pre-defined supported actions (i.e. :view, :edit, :delete, :extend) *user is the instance of your User class to which you want to grant this particular permission -grant_permission_to_users(action, users) *action is a symbol defining one of the pre-defined supported actions (i.e. :view, :edit, :delete, :extend) *user is an iterable collection of the User instances to whom you want to grant this particular permission
All of these methods will create the necessary NinjaAcess::Permission instance if it does not exist. However, there is also a method to facilitate the explicit creation of permissions for your accessible model instance:
-create_view_permission -create_edit_permission -create_delete_permission -create_extend_permission
Complementing the methods above, a ninja accessible model will also be able to revoke permissions from users and groups.
-revoke_permission_from_group(action, group) *action is a symbol defining one of the pre-defined supported actions (i.e. :view, :edit, :delete, :extend) *group is the instance of NinjaAccess::Group from which you want to revoke this particular permission -revoke_permission_to_groups(action, groups) *action is a symbol defining one of the pre-defined supported actions (i.e. :view, :edit, :delete, :extend) *groups is an iterable collection of the NinjaAccess::Group instances, from whom you want to revoke this particular permission -revoke_permission_to_user(action, user) *action is a symbol defining one of the pre-defined supported actions (i.e. :view, :edit, :delete, :extend) *user is the instance of your User class from which you want to revoke this particular permission -revoke_permission_to_users(action, users) *action is a symbol defining one of the pre-defined supported actions (i.e. :view, :edit, :delete, :extend) *user is an iterable collection of the User instances from whom you want to revoke this particular permission
The following scopes are added to your existing model:
-viewable_by(user) - Scope defining all instances of this model that have a view permission which is available to the specified user -editable_by(user) - Scope defining all instances of this model that have an edit permission which is available to the specified user -deleteable_by(user) - Scope defining all instances of this model that have a delete permission which is available to the specified user -extendable_by(user) - Scope defining all instances of this model that have an extend permission which is available to the specified user
There is also an equivalent set of scopes defined for group access, e.g. viewable_by_group(group).
Add the gem to your gemfile gem ‘ninja_access’
Run the generator to install the necessary migrations and create an initializer. rails g ninja_access:install
Run your migrations so the DB changes are applied rake db:migrate
Chose those models whose access you wish to restrict and add the following
class Resource < ActiveRecord::Base ... acts_as_ninja_accessible ... end
1. Clone the repo from GitHub git@github.com:ExamTime/ninja_access.git 2. cd ninja_access 3. bundle install 4. cd spec/dummy 5. bundle exec rake db:create && bundle exec rake db:migrate && bundle exec rake db:test:prepare 6. cd ../.. 7. bundle exec rake
NB You will need to set you root MySQL password in the file spec/dummy/config/database.yml, but you should not check these changes into source control:
“‘
> git update-index --assume-unchanged spec/dummy/config/database.yml
“‘