{"id":16393048,"url":"https://github.com/progm/skill_tree","last_synced_at":"2026-06-11T23:31:19.691Z","repository":{"id":59155889,"uuid":"39939918","full_name":"ProGM/skill_tree","owner":"ProGM","description":"A resource-based ACL system for Rails.","archived":false,"fork":false,"pushed_at":"2015-11-19T14:38:50.000Z","size":54,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-04T00:39:43.151Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ProGM.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-07-30T08:29:50.000Z","updated_at":"2015-08-04T09:37:15.000Z","dependencies_parsed_at":"2022-09-13T18:13:19.569Z","dependency_job_id":null,"html_url":"https://github.com/ProGM/skill_tree","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ProGM%2Fskill_tree","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ProGM%2Fskill_tree/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ProGM%2Fskill_tree/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ProGM%2Fskill_tree/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ProGM","download_url":"https://codeload.github.com/ProGM/skill_tree/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240252092,"owners_count":19772046,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-11T04:52:13.512Z","updated_at":"2025-11-11T21:27:11.802Z","avatar_url":"https://github.com/ProGM.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Build Status](https://travis-ci.org/ProGM/skill_tree.svg)](https://travis-ci.org/ProGM/skill_tree)\n[![Code Climate](https://codeclimate.com/github/ProGM/skill_tree/badges/gpa.svg)](https://codeclimate.com/github/ProGM/skill_tree)\n[![Test Coverage](https://codeclimate.com/github/ProGM/skill_tree/badges/coverage.svg)](https://codeclimate.com/github/ProGM/skill_tree/coverage)\n\n# Role Play\nA resource-based ACL system for Rails.\n\n## Getting started\n\nSkillTree is tested on Rails 4.1+, but should run also on previous versions.\nYou can add it to your Gemfile with:\n\n```ruby\ngem 'skill_tree'\n```\n\nRun the bundle command to install it.\n\nAfter you install SkillTree and add it to your Gemfile, you need to run the generator:\n\n```console\nrails generate skill_tree:install\n```\n\nAnd finally run:\n\n```console\nrake db:migrate\n```\n\nTo run new migrations.\n\n## Configuration\nSkillTree requires at least two models, a **Subject** and a **Resource**.\nThe **Subject** is who could have a role, a **Resource** is who has an acl.\n\nFor example we could have a **User** and a **Post**\n\nLet's setup them:\n\n```ruby\nclass User \u003c ActiveRecord::Base\n  as_skill_tree_subject\n  ...\nend\n\nclass Post \u003c ActiveRecord::Base\n  as_skill_tree_resource\n  ...\nend\n```\n\nYou can also define a default admin role for that post. Example:\n\n```ruby\nclass Post \u003c ActiveRecord::Base\n  belongs_to :user\n  as_skill_tree_resource admin: :user\n  ...\nend\n```\n\nNow, let's define an acl and a list of role for a post.\n\nOpen `config/acl.rb`:\n\n```ruby\nacl :posts_acl, default_for: :posts do |a|\n  a.role :guest do |r|\n    r.can :read\n  end\n\n  a.role :user do |r|\n    r.can :create, :read\n  end\n\n  a.role :editor do |r|\n    r.inherit :user\n    r.can :write\n  end\n\n  a.role :admin do |r|\n    r.inherit :editor\n    r.can :update, :delete\n  end\nend\n```\n\nLet's take a look:\n`:guest` role is a special one: it's the default role for users with no-user (example: users not logged in).\n\n`:user` is the default logged-user role.\n\nThen we have an `:editor` and an `:admin`.\n\n`default_for` means that all posts will have this acl set as default one.\n\nIn fact you can have multiple acl for a single resource type. For example a **private** post could have an acl like this:\n\n\n```ruby\nacl :private_post do |a|\n  a.role :guest do |r|\n  end\n\n  a.role :user do |r|\n    r.can :create, :read\n  end\n\n  a.role :editor do |r|\n    r.inherit :user\n    r.can :read, :write\n  end\n\n  a.role :admin do |r|\n    r.inherit :editor\n    r.can :update, :delete\n  end\nend\n```\n\nAnd you can change it:\n\n```ruby\npost = Post.first\npost.acl = Acl.find_by_name('private_post')\npost.save!\n```\n\nAs default behaviour, the acl are updated each time you startup your application.\n\nTo avoid this, you can add a version number to your acl, so it'll be updated only where the version number changes.\n\n```ruby\nacl :post, version: 1 do |a|\n  ...\nend\n\nacl :post2, version: 3 do |a|\n  ...\nend\n```\n\n## Model methods\n\nNow, let's dig into methods:\n\n```ruby\nuser = User.first\nresource = Post.first\n```\n\n### Set a role to an user:\n\n```ruby\nuser.role! :editor, resource\n```\n\n### Check permissions:\n\n```ruby\nuser.can? :write, resource # =\u003e true\nuser.can? :update, resource # =\u003e false\n```\n\n### Remove roles:\n\n```ruby\nuser.unrole! :editor, resource\nuser.can? :write, resource # =\u003e false\nuser.can? :read, resource # =\u003e true (fallback to :user role)\n```\n\n### Check roles:\n\n```ruby\nuser.role! :editor, resource\nuser.role? :editor, resource # =\u003e true\nuser.role? :admin, resource # =\u003e false\n```\n\n### List all posts given a permission\n\n```ruby\nPost.where_user_can(user, :read)\n```\n\n### Change a resource acl\n\n```ruby\nresource.acl! :private_post\n```\n\n\n## Controller methods\n\nFirst of all, let's include SkillTree in ApplicationController\n\n```ruby\n  include SkillTree::Controller\n```\n\nAs a default behaviour, SkillTree negates access to **any** action of **any** controller (security by default).\n\nYou can use the `allow` method to decide which action allow to be accessed.\n\nHere's an example:\n\n```ruby\nclass MyController \u003c ApplicationController\n  allow(:index, :show) { true } # Everyone can access to index and key\n  allow(:create) { current_user } # Only logged user can create\n  allow(:update) { can?(:update, resource) } # Only logged user can create\n  allow(:destroy) { can?(:destroy, resource) } # Only logged user can create\n\n  def index; end\n  def show; end\n  def create; end\n  def update; end\n  def destroy; end\n\n  private\n\n  def resource\n    @resource ||= Post.find(params[:id])\n  end\nend\n```\n\nYou can use the keyword `:all` to specify the default behaviour for all actions.\n\n```ruby\nclass MyController \u003c ApplicationController\n  allow(:all) { !current_user.nil? }\n\n  ...\nend\n```\n\n### Authorization errors handling\n\nWhen an `allow(...) {}` block returns false, SkillTree::NotAuthorizedError is raised.\n\nYou can capture it in your application controller and define a custom behaviour.\n\n```ruby\nclass ApplicationController \u003c ActionController::Base\n  rescue_from SkillTree::NotAuthorizedError do\n    raise ActionController::RoutingError, 'not found' # This will raise a 404 error\n  end\nend\n```\n\n##Contributing\n1. Fork it\n2. Create your feature branch (`git checkout -b my-new-feature`)\n3. Commit your changes (`git commit -am 'Add some feature'`)\n4. Push to the branch (`git push origin my-new-feature`)\n5. Create new Pull Request\n\n##License\nSee [LICENSE](https://github.com/ProGM/skill_tree/blob/master/LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprogm%2Fskill_tree","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprogm%2Fskill_tree","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprogm%2Fskill_tree/lists"}