https://github.com/gnab/sinatra-authorize

Smooth authentication-agnostic rule-based authorization extension for Sinatra.
https://github.com/gnab/sinatra-authorize

Last synced: 3 months ago
JSON representation

Smooth authentication-agnostic rule-based authorization extension for Sinatra.

• Host: GitHub
• URL: https://github.com/gnab/sinatra-authorize
• Owner: gnab
• License: mit
• Created: 2011-04-16T14:28:31.000Z (over 13 years ago)
• Default Branch: master
• Last Pushed: 2011-05-21T18:59:30.000Z (over 13 years ago)
• Last Synced: 2024-05-13T23:20:51.431Z (6 months ago)
• Language: Ruby
• Homepage: https://github.com/gnab/sinatra-authorize
• Size: 97.7 KB
• Stars: 10
• Watchers: 4
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Changelog: HISTORY.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-sinatra - Sinatra-authorize - Smooth authentication-agnostic rule-based (Authroization)

README

        
# sinatra-authorize

### Authentication-agnostic rule-based authorization extension for Sinatra

Provides a flexible rule-based authorization framework:

* Define `authorize` block for evaluating rules

* Set default rule for all routes

* Override default rule per route

Choice of authentication approach is entirely up to the application.

### Installation

    gem install sinatra-authorize

### Usage

Define `authorize` block for evaluating rules, and optionally set the default rule:

    authorize :deny => :all do |rule, args|

      # evaluate rule 

    end

Omitting a default rule when defining the `authorize` block makes 

`:allow => []` the default rule.

Override default rule per route:

    get '/', :allow => :all do

      # :allow => :all rule overrides default :deny => :all rule

    end

Authorization is performed just before the route is evaluated, after the

pattern has been matched and any other conditions have been evaluated.

#### Usage scenario

Simple scenario with default `:allow` rule, which is overriden for protected 

routes:

    require 'sinatra'

    require 'sinatra/authorize'

    enable :sessions

    authorize do |rule, args|

      if args == [:user]

        session[:user] != nil

      elsif args == [:admin]

        session[:admin] != nil

      end

    end

    # Availabe to all, as default rule is :allow => []

    get '/' do

    end

    # Availabe to all, as default rule is :allow => []

    post '/authenticate' do

      if params[:username] == 'username' && params[:password] == 'password'

        session[:user] = params[:username]

        if session[:user] == 'admin'

          session[:admin] = true

        end

      end

    end

    # Only run for authorized user requests, because of override rule 

    get '/content/:id', :allow => :user do

    end

    # Only run for authorized admin requests, because of override rule 

    get '/admin/content/:id', :allow => :admin do

    end

The `authorize` block only needs to handle the `:allow` rules present in the 

scenario. Also, only the rule arguments used, `:user` and `:admin`, are 

accounted for. No default rule is set when defining the `authorize` block, 

thus making `:allow => []` the default rule. The routes `/` and `/authenticate` 

is evaluated using the default `:allow` rule, whereas the `/content/:id` and 

`/admin/content:id` routes override the default rule.

### License 

sinatra-authorize is licensed under the MIT license. See LICENCE for further 

details.