Project

has_strong_policy

0.0
Repository is archived
No commit activity in last 3 years
No release in over 3 years
has_strong_policyloz/has_strong_policyDocumentationSource CodeBug TrackerWiki
Simple params policy delegation for rails
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
 Popularity
Downloads
4,182
Stars
0
Forks
0
Watchers
1
 Releases
Current version
0.0.1
Total releases
1
First release
2013-03-09
Latest release
2013-03-09
 Development
Primary Language
Ruby
Average date of last 50 commits
2013-02-27
Reverse Dependencies
0

 Dependencies

Runtime

activesupport
>= 0
 Project Readme

Build Status Code Climate Dependency Status Gem Version

HasStrongPolicy

Simple delegation for your strong paramters

Installation

Add this line to your application's Gemfile:

gem 'has_strong_policy'

And then execute:

$ bundle

Or install it yourself as:

$ gem install has_strong_policy

Usage

This gem provides a simple delgation framework for controllers and similar for using strong parameters in rails. This allows:

  • Shared policy to be applied for multiple similar models (eg. STI)
  • Shared policy for the same model in different contexts (e.g. APIs)
  • More expressive declaration of paramter securing policies

Connecting your controller

To use HasStrongPolicy in your rails controller, simply include it, and turn it on:

class UserController < ApplicationController
  include HasStrongPolicy::ControllerHelper

  has_strong_policy
end

This will provider automatic delgation to a conventionally named ParamsPolicy, in this case this would be the UserParamsPolicy.

To access the params, simply use the policy_params helper, and you'll receive a clean param hash with all the policy already applied to strong params

You can specify a specifc class to delegate security to by providing :using:

class SettingsController < ApplicationController
  include HasStrongPolicy::ControllerHelper

  has_strong_policy :using => UserParamsPolicy
end

Requesting the Params

You request the params filtered through the policy using policy_params in place of regular params. You can also supply options, like so:

User.new(policy_params(:as => :admin))

Defining your securing policy

You can a plain old ruby object for your policy object, or use the given policy definition class to build expressive rulesets.

Simple Ruby Interface

Your ruby class should be named conventionally (unless you explicitly specify with :using. The object simply needs to respond to :apply taking the rails params and an options hash.

class UserParamsPolicy
  def apply(params, options)
    acceptable = [:email, :name]
    if options[:role] == :admin
      acceptable << :is_admin
    end
    params.require(:user).permit(acceptable)
  end
end

Using the Policy class and DSL:

Secures Params provides a DSL based policy class which allows succinct definition of policies for defaults, specific actions or older accesible :as style roles:

class UserParamsPolicy < HasStrongPolicy::Policy
  policy do |p|
    p.required :user
    p.permitted :first_name, :last_name, :dob

    p.on :create do |p|
      p.permitted :email

      p.as :admin do |p|
        p.permitted :is_admin
      end
    end
  end
end

Sub definitions inherit the policy from prior ones. So in the above case, user has name and dob permitted, but in the create action they can also set email.

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request