Convert Figma logo to code with AI

RolifyCommunity logorolify

Role management library with resource scoping

3,151
402
3,151
149
View on GitHub

Top Related Projects

CanCanCommunity's avatar

cancancan

5,559

The authorization Gem for Ruby on Rails.

stffn's avatar

declarative_authorization

1,244

An unmaintained authorization plugin for Rails. Please fork to support current versions of Rails

varvet's avatar

pundit

8,249

Minimal authorization through OO design and pure Ruby classes

ryanb's avatar

cancan

6,271

Authorization Gem for Ruby on Rails.

heartcombo's avatar

devise

23,904

Flexible authentication solution for Rails with Warden.

Quick Overview

Rolify is a Ruby gem that provides role management functionality for Rails applications. It allows developers to easily assign and manage roles for users, offering a flexible and customizable solution for implementing authorization in web applications.

Pros

  • Easy integration with Rails applications
  • Supports multiple role storage options (e.g., dedicated roles table, embedded roles)
  • Offers scoped roles for fine-grained access control
  • Provides a simple and intuitive API for role management

Cons

  • Limited to Ruby on Rails applications
  • May require additional setup for complex authorization scenarios
  • Performance can be impacted with a large number of roles and users
  • Documentation could be more comprehensive for advanced use cases

Code Examples

  1. Adding roles to a user:
user = User.find(1)
user.add_role :admin
user.add_role :moderator, Forum.first
  1. Checking if a user has a role:
user.has_role? :admin
user.has_role? :moderator, Forum.first
  1. Retrieving users with a specific role:
User.with_role(:admin)
User.with_role(:moderator, Forum.first)
  1. Removing a role from a user:
user.remove_role :admin
user.remove_role :moderator, Forum.first

Getting Started

  1. Add Rolify to your Gemfile:
gem 'rolify'
  1. Run bundle install:
bundle install
  1. Run the Rolify generator:
rails g rolify Role User
  1. Run migrations:
rails db:migrate
  1. Add Rolify to your User model:
class User < ApplicationRecord
  rolify
end

Now you can start using Rolify to manage roles in your Rails application.

Competitor Comparisons

CanCanCommunity logo

cancancan

5,559

The authorization Gem for Ruby on Rails.

Pros of CanCanCan

  • More intuitive and expressive syntax for defining permissions
  • Built-in support for controller integration and view helpers
  • Easier to implement fine-grained authorization rules

Cons of CanCanCan

  • Can become complex for large applications with many roles and permissions
  • Potential performance impact when checking multiple permissions
  • Less suitable for role-based access control (RBAC) scenarios

Code Comparison

CanCanCan:

class Ability
  include CanCan::Ability

  def initialize(user)
    can :read, Post
    can :manage, Post, user_id: user.id
  end
end

Rolify:

class User < ApplicationRecord
  rolify

  after_create :assign_default_role

  private

  def assign_default_role
    self.add_role(:member) if self.roles.blank?
  end
end

CanCanCan focuses on defining abilities and permissions directly, while Rolify emphasizes role management. CanCanCan's syntax is more declarative for specifying what users can do, whereas Rolify provides a clean way to assign and manage roles. The choice between the two depends on whether your application requires more granular permission control (CanCanCan) or role-based access management (Rolify).

stffn logo

declarative_authorization

1,244

An unmaintained authorization plugin for Rails. Please fork to support current versions of Rails

Pros of declarative_authorization

  • More fine-grained control over permissions and roles
  • Supports complex authorization rules with a DSL
  • Integrates well with Rails controllers and views

Cons of declarative_authorization

  • Less actively maintained compared to Rolify
  • Steeper learning curve due to its DSL
  • May require more setup and configuration

Code Comparison

declarative_authorization:

authorization do
  role :admin do
    has_permission_on [:articles, :comments], :to => [:index, :show, :new, :create, :edit, :update, :destroy]
  end
end

Rolify:

class User < ApplicationRecord
  rolify
end

user.add_role :admin
user.has_role? :admin

Summary

declarative_authorization offers more granular control over permissions but requires more setup and has a steeper learning curve. Rolify, on the other hand, provides a simpler and more intuitive API for basic role management. The choice between the two depends on the complexity of your authorization requirements and your preference for either a more declarative or programmatic approach to role management.

varvet logo

pundit

8,249

Minimal authorization through OO design and pure Ruby classes

Pros of Pundit

  • Lightweight and minimalistic approach to authorization
  • Integrates seamlessly with Rails controllers and views
  • Encourages separation of concerns with policy objects

Cons of Pundit

  • Requires more manual setup and configuration
  • Less out-of-the-box functionality for complex role management
  • May lead to more boilerplate code for simple authorization scenarios

Code Comparison

Pundit:

class PostPolicy
  def initialize(user, post)
    @user = user
    @post = post
  end

  def update?
    @user.admin? || @post.author == @user
  end
end

Rolify:

class User < ApplicationRecord
  rolify

  def can_update_post?(post)
    has_role?(:admin) || post.author == self
  end
end

Pundit focuses on policy objects for authorization, while Rolify provides a role management system that can be used in conjunction with other authorization methods. Pundit's approach is more explicit and flexible, but Rolify offers a simpler way to handle role-based permissions out of the box. The choice between the two depends on the specific needs of the project and the desired level of control over the authorization logic.

ryanb logo

cancan

6,271

Authorization Gem for Ruby on Rails.

Pros of CanCan

  • Simpler and more intuitive API for defining and checking permissions
  • Built-in integration with Rails controllers and views
  • Extensive documentation and community support

Cons of CanCan

  • Less flexible for complex role-based scenarios
  • Lacks built-in role management features
  • Not actively maintained (last update in 2013)

Code Comparison

CanCan:

class Ability
  include CanCan::Ability

  def initialize(user)
    can :read, Post
    can :manage, Post, user_id: user.id
  end
end

Rolify:

class User < ApplicationRecord
  rolify

  def initialize
    add_role :admin
    has_role? :moderator, Forum.first
  end
end

Rolify focuses on role management, allowing you to assign and check roles for users. CanCan, on the other hand, provides a more comprehensive authorization solution with a focus on defining and checking permissions.

While CanCan offers a simpler API and better integration with Rails, Rolify provides more flexibility for complex role-based scenarios and active maintenance. The choice between the two depends on your specific project requirements and the level of role management complexity needed.

heartcombo logo

devise

23,904

Flexible authentication solution for Rails with Warden.

Pros of Devise

  • Comprehensive authentication solution with built-in modules for various authentication strategies
  • Extensive documentation and large community support
  • Seamless integration with Rails applications

Cons of Devise

  • Can be complex and overwhelming for simple authentication needs
  • Less flexible for custom authentication workflows
  • Requires more setup and configuration compared to Rolify

Code Comparison

Devise (User model):

class User < ApplicationRecord
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :validatable
end

Rolify (User model):

class User < ApplicationRecord
  rolify
end

Devise focuses on authentication, providing a comprehensive solution with various modules. It's well-documented and widely supported but can be complex for simple needs. Rolify, on the other hand, specializes in role management, offering a simpler and more focused approach.

Devise requires more setup in the User model, as seen in the code comparison. It includes multiple modules for different authentication features. Rolify's implementation is more straightforward, with a single rolify method call.

While Devise is excellent for full-featured authentication, Rolify is better suited for projects that need flexible role management without the overhead of a complete authentication system.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

rolify Gem Version build status Code Climate Coverage Status

Very simple Roles library without any authorization enforcement supporting scope on resource object.

Let's see an example:

user.has_role?(:moderator, @forum)
=> false # if user is moderator of another Forum

This library can be easily integrated with any authentication gem (devise, Authlogic, Clearance) and authorization gem* (CanCanCan, authority, Pundit)

*: authorization gem that doesn't provide a role class

Requirements

  • Rails >= 4.2
  • ActiveRecord >= 4.2 or Mongoid >= 4.0
  • supports ruby 2.2+, JRuby 1.6.0+ (in 1.9 mode) and Rubinius 2.0.0dev (in 1.9 mode)
  • support of ruby 1.8 has been dropped due to Mongoid >=3.0 that only supports 1.9 new hash syntax

Installation

Add this to your Gemfile and run the bundle command.

gem "rolify"

Getting Started

1. Generate Role Model

First, use the generator to setup Rolify. Role and User class are the default names. However, you can specify any class name you want. For the User class name, you would probably use the one provided by your authentication solution.

If you want to use Mongoid instead of ActiveRecord, just add --orm=mongoid argument, and skip to step #3.

rails g rolify Role User

NB for versions of Rolify prior to 3.3, use:

rails g rolify:role Role User

The generator will create your Role model, add a migration file, and update your User class with new class methods.

2. Run the migration (only required when using ActiveRecord)

Let's migrate!

rake db:migrate

3.1 Configure your user model

This gem adds the rolify method to your User class. You can also specify optional callbacks on the User class for when roles are added or removed:

class User < ActiveRecord::Base
  rolify :before_add => :before_add_method

  def before_add_method(role)
    # do something before it gets added
  end
end

The rolify method accepts the following callback options:

  • before_add
  • after_add
  • before_remove
  • after_remove

Mongoid callbacks are also supported and works the same way.

The rolify method also accepts the inverse_of option if you need to disambiguate the relationship.

3.2 Configure your resource models

In the resource models you want to apply roles on, just add resourcify method. For example, on this ActiveRecord class:

class Forum < ActiveRecord::Base
  resourcify
end

3.3 Assign default role

class User < ActiveRecord::Base
  after_create :assign_default_role

  def assign_default_role
    self.add_role(:newuser) if self.roles.blank?
  end
end

4. Add a role to a user

To define a global role:

user = User.find(1)
user.add_role :admin

To define a role scoped to a resource instance:

user = User.find(2)
user.add_role :moderator, Forum.first

To define a role scoped to a resource class:

user = User.find(3)
user.add_role :moderator, Forum

Remove role:

user = User.find(3)
user.remove_role :moderator

That's it!

5. Role queries

To check if a user has a global role:

user = User.find(1)
user.add_role :admin # sets a global role
user.has_role? :admin
=> true

To check if a user has a role scoped to a resource instance:

user = User.find(2)
user.add_role :moderator, Forum.first # sets a role scoped to a resource instance
user.has_role? :moderator, Forum.first
=> true
user.has_role? :moderator, Forum.last
=> false

To check if a user has a role scoped to a resource class:

user = User.find(3)
user.add_role :moderator, Forum # sets a role scoped to a resource class
user.has_role? :moderator, Forum
=> true
user.has_role? :moderator, Forum.first
=> true
user.has_role? :moderator, Forum.last
=> true

A global role overrides resource role request:

user = User.find(4)
user.add_role :moderator # sets a global role
user.has_role? :moderator, Forum.first
=> true
user.has_role? :moderator, Forum.last
=> true

To check if a user has the exact role scoped to a resource class:

user = User.find(5)
user.add_role :moderator # sets a global role
user.has_role? :moderator, Forum.first
=> true
user.has_strict_role? :moderator, Forum.last
=> false

6. Resource roles querying

Starting from rolify 3.0, you can search roles on instance level or class level resources.

Instance level

forum = Forum.first
forum.roles
# => [ list of roles that are only bound to forum instance ]
forum.applied_roles
# => [ list of roles bound to forum instance and to the Forum class ]

Class level

Forum.with_role(:admin)
# => [ list of Forum instances that have role "admin" bound to them ]
Forum.without_role(:admin)
# => [ list of Forum instances that do NOT have role "admin" bound to them ]
Forum.with_role(:admin, current_user)
# => [ list of Forum instances that have role "admin" bound to them and belong to current_user roles ]
Forum.with_roles([:admin, :user], current_user)
# => [ list of Forum instances that have role "admin" or "user" bound to them and belong to current_user roles ]

User.with_any_role(:user, :admin)
# => [ list of User instances that have role "admin" or "user" bound to them ]
User.with_role(:site_admin, current_site)
# => [ list of User instances that have a scoped role of "site_admin" to a site instance ]
User.with_role(:site_admin, :any)
# => [ list of User instances that have a scoped role of "site_admin" for any site instances ]
User.with_all_roles(:site_admin, :admin)
# => [ list of User instances that have a role of "site_admin" and a role of "admin" bound to it ]

Forum.find_roles
# => [ list of roles that are bound to any Forum instance or to the Forum class ]
Forum.find_roles(:admin)
# => [ list of roles that are bound to any Forum instance or to the Forum class, with "admin" as a role name ]
Forum.find_roles(:admin, current_user)
# => [ list of roles that are bound to any Forum instance, or to the Forum class with "admin" as a role name, and belongs to current_user ]

Strict Mode

class User < ActiveRecord::Base
  rolify strict: true
end

@user = User.first

@user.add_role(:forum, Forum)
@user.add_role(:forum, Forum.first)

@user.has_role?(:forum, Forum) #=> true
@user.has_role?(:forum, Forum.first) #=> true
@user.has_role?(:forum, Forum.last) #=> false

I.e. you get true only on a role that you manually add.

Cached Roles (to avoid N+1 issue)

@user.add_role :admin, Forum
@user.add_role :member, Forum

users = User.with_role(:admin, Forum).preload(:roles)
users.each do |user|
  user.has_cached_role?(:member, Forum) # no extra queries
end

This method should be used with caution. If you don't preload the roles, the has_cached_role? might return false. In the above example, it would return false for @user.has_cached_role?(:member, Forum), because User.with_role(:admin, Forum) will load only the :admin roles.

Resources

Upgrade from previous versions

Please read the upgrade instructions.

Known issues

  • If you are using Mongoid and/or less-rails gem, please read this
  • Moped library (ruby driver for Mongodb used by Mongoid) doesn't support rubinius 2.2 yet (see https://github.com/mongoid/moped/issues/231)
  • If you use Rails 4 and Mongoid, use Mongoid ~> 4. rolify is fully tested with Rails 4 and Mongoid 4.

Questions or Problems?

If you have any issue or feature request with/for rolify, please create an new issue on GitHub specifying the ruby runtime, rails and rolify versions you're using and the gems listed in your Gemfile, or fork the project and send a pull request.

To get the specs running you should call bundle and then rake. See the spec/README for more information.