Plugins - declarative_authorization
Declarative Authorization
The declarative authorization plugin offers an authorization mechanism inspired by RBAC. What most distinguishes it from existing authorization plugins is its declarative approach: authorization rules are not written programmatically in between business logic but are stated in an authorization configuration.
Currently, Rails authorization plugins only provide for programmatic authorization rules. That is, the developer needs to specify which roles are allowed to access a specific controller action or a part of a view, which is not DRY. As an application's code base and functionality grow, as happens especially in agile development processes, it may be decided to introduce new roles. The new role then has to be added in several places in the source code, possibly leading to omissions and thus hard-to-test errors. Another aspect is authorization requirements that change during development or even after the application has gone into production. The privileges of certain roles then need to be easily adjustable when the original assumptions concerning access control prove unrealistic. In these situations, a declarative approach as offered by this plugin increases development and maintenance efficiency.
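The contrast described above, as an added sketch in plain Ruby (not the plugin's code or its DSL): `RuleSet`, `role`, `includes`, `can`, `permitted?` and `may_edit?` are hypothetical names, and the rules are constructed. Role names appear only in the rule block, so introducing a role changes the configuration and no call site, and anything not declared is denied.

```ruby
# Added sketch: RuleSet and its methods are hypothetical names, not the plugin's API.
class RuleSet
  def initialize(&block)
    @grants  = Hash.new { |h, role| h[role] = [] }  # role => [[context, privilege]]
    @parents = Hash.new { |h, role| h[role] = [] }  # role => inherited roles
    instance_eval(&block)
  end

  # Declare a role; the block lists what it may do.
  def role(name, &block)
    @current = name
    instance_eval(&block)
  end

  def includes(other)
    @parents[@current] << other
  end

  def can(*privileges, on:)
    privileges.each { |p| @grants[@current] << [on, p] }
  end

  # Default deny: unknown roles, contexts and privileges grant nothing.
  def permitted?(roles, privilege, context)
    expand(roles).any? { |r| @grants.fetch(r, []).include?([context, privilege]) }
  end

  private

  # Follow role inheritance; `seen` guards against cycles.
  def expand(roles, seen = [])
    Array(roles).each do |r|
      expand(@parents.fetch(r, []), seen << r) unless seen.include?(r)
    end
    seen
  end
end

# Constructed sample rules: the only place role names appear.
RULES = RuleSet.new do
  role(:guest)    { can :read, on: :conferences }
  role(:reviewer) { includes :guest; can :update, on: :conferences }
  role(:admin)    { can :create, :read, :update, :delete, on: :conferences }
end

# A call site asks about a privilege, never about a role name.
def may_edit?(user_roles)
  RULES.permitted?(user_roles, :update, :conferences)
end
```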
Plugin features
- Authorization at controller action level
- Authorization helpers for Views
- Authorization at model level
- Authorize CRUD (Create, Read, Update, Delete) activities
- Query rewriting to automatically only fetch authorized records
- DSL for specifying Authorization rules in an authorization configuration
http://github.com/stffn/declarative_authorization/wikis
git://github.com/stffn/declarative_authorization.git
Rails' (MIT)
Security
