Project: ostiary

Low commit activity in last 3 years
No release in over a year

Ostiary is a security gem for your (Rails) controllers & actions. It employs a before_filter-like call to set policies per controller/action. You can pass your own security check in a block and handle the PolicyBroken error yourself. Policies are also inherited from parent classes. From Wikipedia: "An ostiarius, a Latin word sometimes anglicized as ostiary but often literally translated as porter or doorman, originally was a servant or guard posted at the entrance of a building. See also gatekeeper."
Dependencies

Development

~> 3.0
>= 2.3.18
>= 12.3.3
Project Readme

Ostiary

An ostiarius, a Latin word sometimes anglicized as ostiary but often literally translated as porter or doorman, originally was a servant or guard posted at the entrance of a building. See also gatekeeper.

Functionality

This gem helps you enforce 'policies' on controllers/actions: you declare the roles a controller requires, and you can optionally restrict each requirement to certain actions or exclude certain actions from it.

Installation

Add this line to your application's Gemfile:

gem 'ostiary'

And then execute:

$ bundle

Or install it yourself as:

$ gem install ostiary

Usage

Primary setup

In your base Controller class do the following for Rails:

# Including Ostiary::ControllerHelper creates a class accessor called :ostiary on
#  each (inherited) controller. Each controller gets its own ostiary, which stacks
#  the policies you add on top of those of its parent classes.
class ApplicationController < ActionController::Base
  include Ostiary::ControllerHelper

  # `before_filter` is the Rails 3 name; on Rails 4+ use `before_action`.
  before_filter :ensure_authorized!

  private

  # Because each ostiary is unique to a controller, you only have to supply the
  #  current action (Rails exposes it as `action_name`). Ostiary then checks whether
  #  any policy for that action would be broken.
  def ensure_authorized!
    self.class.ostiary.authorize!(action_name) do |name|
      # Your authorization method using name, e.g. `current_user.has_right?(name)`.
      #  The block must return a truthy value when the role is granted.
      current_user.has_right?(name)
    end
  rescue Ostiary::PolicyBroken => error
    # We re-raise the error as a RoutingError, so the request fails as if the route
    #  did not exist. You can also do `return head :forbidden` if that's more in
    #  line with your needs.
    raise ActionController::RoutingError.new(error.message)
  end
end

Securing controllers

In each controller you wish to secure, call ostiary_policy, which takes the same only:/except: options as Rails' before_filter & after_filter.

# Require the :list role on the entire controller
ostiary_policy :list

# Require the :view role only on the index & show actions
ostiary_policy :view, only: [:index, :show]

# Require the :edit role except on the index & show actions
ostiary_policy :edit, except: [:index, :show]

These policies are added to the ostiary instance created for each controller class, which also carries every policy inherited from its parent classes, so a policy declared on a base controller applies to all controllers derived from it.
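To make the stacking and only:/except: semantics concrete, here is an added, self-contained Ruby model of what the policies above express. It is not the ostiary gem's code: the PolicyStack and Policy classes, the PolicyBroken error and the USER_ROLES table are illustrative assumptions, and the rule that every applicable role must be granted for an action to be authorized is an assumption about the gem's behaviour.

```ruby
# Added example (not the ostiary gem's code): a minimal model of per-controller
# policies with only:/except: filters that stack across an inheritance chain.

# Plays the role the gem's Ostiary::PolicyBroken plays: raised when a policy fails.
class PolicyBroken < StandardError; end

Policy = Struct.new(:role, :only, :except) do
  # A policy applies to an action unless only:/except: filters it out.
  def applies_to?(action)
    action = action.to_sym
    return false if only && !only.include?(action)
    return false if except && except.include?(action)
    true
  end
end

class PolicyStack
  attr_reader :policies

  # A child stack starts with a copy of its parent's policies (inheritance).
  def initialize(parent = nil)
    @policies = parent ? parent.policies.dup : []
  end

  # Mirrors `ostiary_policy :role, only: [...], except: [...]`.
  def add(role, only: nil, except: nil)
    @policies << Policy.new(role, only&.map(&:to_sym), except&.map(&:to_sym))
    self
  end

  # Roles the given action requires, parent policies first.
  def required_roles(action)
    @policies.select { |p| p.applies_to?(action) }.map(&:role)
  end

  # Assumption: every applicable role must be granted by the caller's block.
  def authorized?(action, &has_role)
    required_roles(action).all? { |role| has_role.call(role) }
  end

  # Like authorized?, but raises PolicyBroken naming the missing roles.
  def authorize!(action, &has_role)
    missing = required_roles(action).reject { |role| has_role.call(role) }
    raise PolicyBroken, "missing role(s) #{missing.join(', ')} for #{action}" unless missing.empty?
    true
  end
end

# Constructed sample: a base stack requiring :list everywhere, and a child stack
# that inherits it and adds the :view / :edit policies from the README.
ADMIN_STACK = PolicyStack.new.add(:list)
DOCUMENTS_STACK = PolicyStack.new(ADMIN_STACK)
                             .add(:view, only: [:index, :show])
                             .add(:edit, except: [:index, :show])

# Constructed user-role table standing in for `current_user.has_right?(name)`.
USER_ROLES = {
  reader: [:list, :view],
  editor: [:list, :view, :edit],
}.freeze

def authorized_for?(user, action, stack = DOCUMENTS_STACK)
  stack.authorized?(action) { |role| USER_ROLES.fetch(user).include?(role) }
end

if __FILE__ == $PROGRAM_NAME
  puts authorized_for?(:reader, :show)    # true: needs :list and :view
  puts authorized_for?(:reader, :update)  # false: needs :list and :edit
  begin
    DOCUMENTS_STACK.authorize!(:destroy) { |role| USER_ROLES[:reader].include?(role) }
  rescue PolicyBroken => e
    puts "PolicyBroken: #{e.message}"
  end
end
```

The point to take from the model is that a policy declared on a parent controller (here :list) is still required by every inherited controller, and that only:/except: narrow which actions a policy covers without removing the others, so the roles required for :update are :list and :edit, not :edit alone.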

Checking for a right

You can also ask whether a user is authorized to access a certain path (URL).

In your controller:

def authorized?(path)
  # recognize_path is a Rails routing helper that returns a hash with the controller
  #  and action of the path you supplied; it raises ActionController::RoutingError
  #  when no route matches. We then have to turn the controller String into the
  #  actual controller Class.
  route = Rails.application.routes.recognize_path(path)
  requested_controller = "#{route[:controller]}_controller".camelize.constantize
  requested_controller.ostiary.authorized?(route[:action]) do |role|
    # Your authorization method using role, e.g. `current_user.has_right?(role)`.
    current_user.has_right?(role)
  end
rescue ActionController::RoutingError, NameError
  # An unknown path, or a controller class that does not exist: not authorized.
  false
end

License

ostiary is Copyright 2017 nedap and released under the MIT license which you should find included in the LICENSE.txt file.