Rails object based permission/authorization engine?

Question

Hi

I want to add "Sharing documents" feature to my app, like in google documents service. As i see:

User can:

• can list/view/create/edit/delete own documents
• share own document to everyone - its a public document
• share own document to another user with read-only access
• share own document to another user with read-write access
• view list of own documents and users to whom he gave permission to read and write
• view list of foreign documents
• view/edit foreign document with read/write permissions

Please tell me, which permission/authorization solution is preffered for my task?

Answer 1

You can look at some authorization plugins available here:

http://www.ruby-toolbox.com/categories/rails_authorization.html

As for object level authorization/permission, it looks like canable can do this:

http://github.com/jnunemaker/canable

From the example in the readme:

class Article
  include MongoMapper::Document
  include Canable::Ables
  userstamps! # adds creator and updater

  def updatable_by?(user)
    creator == user
  end

  def destroyable_by?(user)
    updatable_by?(user)
  end
end

You could also define a viewable_by? method. You would still need some kind of permission fields or association on the document model, but after that you could use canable to simplify authorization in your controller/views.