This plugin provides a very simple syntax for setting up complex permissions in controllers and/or ActiveRecord models.

Tests are forthcoming, sorry.

Example for Controllers

Role-oriented approach:

  class YourController < ApplicationController
        acts_as_checkpoint :get_user_method => :current_user
        controller_allows :administrator, :to => [ :index, :show, :destroy ]
        controller_allows :registered_user, :to => [ :index, :show, :new, :edit, :create, :update ]
        controller_allows :anonymous_user, :to => [ :index, :show ]
  end

Action-oriented approach:

  class YourController < ApplicationController
        acts_as_checkpoint :get_user_method => :current_user
        controller_allows :index  , :by => [ :administrator, :registered_user, :anonymous_user ]
        controller_allows :show   , :by => [ :administrator, :registered_user ]
        controller_allows :new    , :by => :registered_user
        controller_allows :edit   , :by => :registered_user
        controller_allows :create , :by => :registered_user
        controller_allows :update , :by => :registered_user
        controller_allows :destroy, :by => :administrator
  end

The two approaches may be interspersed at will… just try not to get confused.

Example for Models

  class Dog < ActiveRecord::Base
        belongs_to :owner

        acts_as_checkpoint
        model_may :eat, :drink, :lick
        model_allows :lick, :by => :self
        model_allows :pet, :by => :owner
  end

  class Human < ActiveRecord::Base
        has_many :dogs

        acts_as_checkpoint
        model_may :pet
        model_allows :lick, :by => :dogs
  end

  human = Human.new
  dog = Dog.new( :owner => human )

  human.can_pet?( dog )
  # => true
  dog.can_eat?( human )
  # => false
  dog.can_lick?( human )
  # => true