{"id":19474564,"url":"https://github.com/tomasc/mongoid_ability","last_synced_at":"2025-04-25T12:31:50.610Z","repository":{"id":25114122,"uuid":"28535603","full_name":"tomasc/mongoid_ability","owner":"tomasc","description":"Custom Ability class that allows CanCanCan authorization library store permissions in MongoDB via the Mongoid gem.","archived":false,"fork":false,"pushed_at":"2024-09-04T07:01:28.000Z","size":228,"stargazers_count":3,"open_issues_count":3,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-14T07:05:48.750Z","etag":null,"topics":["authorization","cancancan","mongoid","permissions"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tomasc.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-12-27T11:50:53.000Z","updated_at":"2024-07-17T11:46:15.000Z","dependencies_parsed_at":"2024-11-10T19:25:49.233Z","dependency_job_id":"e0945861-b8ec-4428-81f0-ac164da48e92","html_url":"https://github.com/tomasc/mongoid_ability","commit_stats":{"total_commits":205,"total_committers":3,"mean_commits":68.33333333333333,"dds":"0.12195121951219512","last_synced_commit":"88d7f47ed0b374f7de21be024523b661a0601859"},"previous_names":[],"tags_count":52,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasc%2Fmongoid_ability","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasc%2Fmongoid_ability/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasc%2Fmongoid_ability/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasc%2Fmongoid_ability/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tomasc","download_url":"https://codeload.github.com/tomasc/mongoid_ability/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250817783,"owners_count":21492221,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorization","cancancan","mongoid","permissions"],"created_at":"2024-11-10T19:25:41.925Z","updated_at":"2025-04-25T12:31:47.575Z","avatar_url":"https://github.com/tomasc.png","language":"Ruby","readme":"# Mongoid Ability\n\n[![Build Status](https://travis-ci.org/tomasc/mongoid_ability.svg)](https://travis-ci.org/tomasc/mongoid_ability) [![Gem Version](https://badge.fury.io/rb/mongoid_ability.svg)](http://badge.fury.io/rb/mongoid_ability) [![Coverage Status](https://img.shields.io/coveralls/tomasc/mongoid_ability.svg)](https://coveralls.io/r/tomasc/mongoid_ability)\n\nCustom `Ability` class that allows [CanCanCan](https://github.com/CanCanCommunity/cancancan) authorization library store permissions in [MongoDB](http://www.mongodb.org) via the [Mongoid](https://github.com/mongoid/mongoid) gem.\n\n## Installation\n\nAdd this line to your application's Gemfile:\n\n```ruby\ngem 'mongoid_ability'\n```\n\nAnd then execute:\n\n```\n$ bundle\n```\n\nOr install it yourself as:\n\n```\n$ gem install mongoid_ability\n```\n\n## Setup\n\nThe permissions are defined by a `Lock` that applies to a `Subject` and defines access for its owner – `User` and/or its `Role`.\n\n### Lock\n\nA `Lock` class can be any class that include `MongoidAbility::Lock`. There should be only one such class in an application.\n\n```ruby\nclass MyLock\n    include Mongoid::Document\n    include MongoidAbility::Lock\n\n    embedded_in :owner, polymorphic: true\nend\n```\n\nThis class defines a permission itself using the following fields:\n\n`:subject_type, type: String`\n`:subject_id, type: Moped::BSON::ObjectId`\n`:action, type: Symbol, default: :read`\n`:outcome, type: Boolean, default: false`\n\nThese fields define what subject (respectively subject type, when referring to a class) the lock applies to, which action it is defined for (for example `:read`), and whether the outcome is positive or negative.\n\n### Subject\n\nAll subjects (classes which permissions you want to control) will include the `MongoidAbility::Subject` module.\n\nEach action and its default outcome needs to be defined using the `.default_lock` macro.\n\n```ruby\nclass MySubject\n    include Mongoid::Document\n    include MongoidAbility::Subject\n\n    default_lock MyLock, :read, true\n    default_lock MyLock, :update, false\nend\n```\n\nThe subject classes can be subclassed. Subclasses inherit the default locks (unless they override them), the resulting outcome being correctly calculated bottom-up the superclass chain.\n\nAdditionally the locks can be converted to Mongoid criteria:\n\n```ruby\nMySubject.accessible_by(ability, :read)\n```\n\n### Owner\n\nThis `Ability` class supports two levels of inheritance (for example User and its Roles). The locks can be either embedded (via `.embeds_many`) or associated (via `.has_many`). Make sure to include the `as: :owner` option.\n\n```ruby\nclass MyUser\n    include Mongoid::Document\n    include MongoidAbility::Owner\n\n    embeds_many :locks, class_name: 'MyLock', as: :owner\n    has_and_belongs_to_many :roles, class_name: 'MyRole'\n\n    # override if your relation is named differently\n    def self.locks_relation_name\n      :locks\n    end\n\n    # override if your relation is named differently\n    def self.inherit_from_relation_name\n      :roles\n    end\nend\n```\n\n```ruby\nclass MyRole\n    include Mongoid::Document\n    include MongoidAbility::Owner\n\n    embeds_many :locks, class_name: 'MyLock', as: :owner\n    has_and_belongs_to_many :users, class_name: 'MyUser'\nend\n```\n\nBoth users and roles can be further subclassed.\n\nThe owner also gains the `#can?` and `#cannot?` methods, that are delegate to the user's ability. It is then easy to perform permission checks per user:\n\n```ruby\ncurrent_user.can?(:read, resource, options)\nother_user.can?(:read, ResourceClass, options)\n```\n\nAbility can be easily obtained as:\n\n```ruby\ncurrent_user.ability\n```\n\n### Caching\n\nThe ability object is fully cache-able, which means it is possible to save some precious time on every request (instead of always converting the Lock documents to CanCan rules):\n\n```ruby\nclass ActionController::Base\n  def current_ability\n    @current_ability ||= Rails.cache.fetch([current_user.cache_key, 'ability'].join('/')) do\n      MongoidAbility::Ability.new(current_user)\n    end.tap do |ability|\n      ability.owner ||= current_user\n    end\n  end\nend\n```\n\nAnd on the owner:\n\n```ruby\ndef ability\n  @ability ||= Rails.cache.fetch([cache_key, 'ability'].join('/')) do\n    MongoidAbility::Ability.new(self)\n  end.tap do |ability|\n    ability.owner ||= self\n  end\nend\n```\n\nOf course this assumes the user's `cache_key` updates when any of its locks (or locks stored on its roles) change.\n\nNote the owner has to be assigned after fetching the ability from cache.\n\n### Decoration\n\nTo be able to check permissions on decorated objects (for example via the Draper gem) subclass the Ability class as follows:\n\n```ruby\nclass MyAbility \u003c MongoidAbility::Ability\n  def can?(action, subject, *extra_args)\n    while subject.is_a?(Draper::Decorator)\n      subject = subject.model\n    end\n\n    super(action, subject, *extra_args)\n  end\nend\n```\n\n### CanCanCan\n\nThe default `:current_ability` defined by [CanCanCan](https://github.com/CanCanCommunity/cancancan) will be automatically overriden by the `Ability` class provided by this gem.\n\n## Usage\n\n1. Setup subject classes and their default locks.\n2. Define permissions using lock objects embedded (or associated to) either in user or role.\n3. Use standard [CanCanCan](https://github.com/CanCanCommunity/cancancan) helpers (`.authorize!`, `#can?`, `#cannot?`) to authorize the current user.\n\n## Contributing\n\n1. Fork it ( https://github.com/tomasc/mongoid_ability/fork )\n2. Create your feature branch (`git checkout -b my-new-feature`)\n3. Commit your changes (`git commit -am 'Add some feature'`)\n4. Push to the branch (`git push origin my-new-feature`)\n5. Create a new Pull Request\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftomasc%2Fmongoid_ability","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftomasc%2Fmongoid_ability","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftomasc%2Fmongoid_ability/lists"}