All Projects → davydovanton → Kan

davydovanton / Kan

Licence: mit
Simple, functional authorization library and role management for ruby

Programming Languages

ruby
36898 projects - #4 most used programming language

Projects that are alternatives of or similar to Kan

keycloak-restrict-client-auth
A Keycloak authenticator to restrict authorization on clients
Stars: ✭ 34 (-85.34%)
Mutual labels:  roles, authorization
Brandenburg
Laravel Authentication Package
Stars: ✭ 79 (-65.95%)
Mutual labels:  authorization, roles
Policyserver.local
Sample OSS version of PolicyServer
Stars: ✭ 444 (+91.38%)
Mutual labels:  authorization, roles
nova-permissions
Add Permissions based authorization for your Nova installation via User-based Roles and Permissions. Roles are defined in the database whereas Permissions are defined in the code base.
Stars: ✭ 115 (-50.43%)
Mutual labels:  roles, authorization
Laravel Governor
Manage authorization with granular role-based permissions in your Laravel Apps.
Stars: ✭ 131 (-43.53%)
Mutual labels:  authorization, roles
firebase-spring-boot-rest-api-authentication
Firebase Spring Boot Rest API Authentication
Stars: ✭ 172 (-25.86%)
Mutual labels:  roles, authorization
Monarchy
Hierarchical access management system with advanced roles inheritance. 🦋
Stars: ✭ 48 (-79.31%)
Mutual labels:  authorization, roles
Vue Router User Roles
A Vue.js plugin that protects routes based on user roles. Add your own authentication.
Stars: ✭ 237 (+2.16%)
Mutual labels:  authorization, roles
Laravel Auth
A powerful authentication, authorization and verification package built on top of Laravel. It provides developers with Role Based Access Control, Two-Factor Authentication, Social Authentication, and much more, compatible Laravel’s standard API and fully featured out of the box.
Stars: ✭ 128 (-44.83%)
Mutual labels:  authorization, roles
Accesscontrol
Role and Attribute based Access Control for Node.js
Stars: ✭ 1,723 (+642.67%)
Mutual labels:  authorization, roles
laravel-roles-abilities-tutorial
Tutorial demonstrating the implementation of roles and abilities in Laravel
Stars: ✭ 16 (-93.1%)
Mutual labels:  roles, authorization
Think Authz
An authorization library that supports access control models like ACL, RBAC, ABAC in ThinkPHP 6.0 .
Stars: ✭ 155 (-33.19%)
Mutual labels:  authorization, roles
auth
Authorization for humans
Stars: ✭ 49 (-78.88%)
Mutual labels:  roles, authorization
HeimGuard
🛡 A simple library that allows you to easily manage permissions in your .NET projects.
Stars: ✭ 77 (-66.81%)
Mutual labels:  roles, authorization
Bouncer
Eloquent roles and abilities.
Stars: ✭ 2,763 (+1090.95%)
Mutual labels:  authorization, roles
Php Casbin
An authorization library that supports access control models like ACL, RBAC, ABAC in PHP .
Stars: ✭ 865 (+272.84%)
Mutual labels:  authorization, roles
Sentinel
A framework agnostic authentication & authorization system.
Stars: ✭ 1,354 (+483.62%)
Mutual labels:  authorization, roles
Laratrust
Handle roles and permissions in your Laravel application
Stars: ✭ 1,799 (+675.43%)
Mutual labels:  authorization, roles
Security.identity
.NET DevPack Identity is a set of common implementations to help you implementing Identity, Jwt, claims validation and another facilities
Stars: ✭ 165 (-28.88%)
Mutual labels:  authorization, roles
Rabbitmq Auth Backend Http
HTTP-based authorisation and authentication for RabbitMQ
Stars: ✭ 194 (-16.38%)
Mutual labels:  authorization

Kan

Build Status Backers on Open Collective Sponsors on Open Collective

Simple functional authorization library for ruby. Inspired by transproc and dry project

Table of context

Installation

Add this line to your application's Gemfile:

gem 'kan'

And then execute:

$ bundle

Or install it yourself as:

$ gem install kan

Usage

See User Documentation page

Basic Usage

Register abilities

class Post::Abilities
  include Kan::Abilities

  register('read') { |_, _| true }
  register('edit') { |user, post| user.id == post.user_id }
  register('delete') { |_, _| false }
end

Also, you can register more than one ability in one place and use string or symbol keys:

class Post::AdminAbilities
  include Kan::Abilities

  register(:read, :edit, :delete) { |user, _| user.admin? }
end

class Comments::Abilities
  include Kan::Abilities

  register('read') { |_, _| true }
  register('edit') { |user, _| user.admin? }

  register(:delete) do |user, comment|
    user.id == comment.user_id && comment.created_at < Time.now + TEN_MINUTES
  end
end

Check abilities

abilities = Kan::Application.new(
  post: Post::Abilities.new,
  comment: Comments::Abilities.new
)

abilities['post.read'].call(current_user, post) # => true
abilities['post.delete'].call(current_user, post) # => false
abilities['comment.delete'].call(current_user, post) # => false

Default ability block

By default Kan use proc { true } as a default ability block:

abilities['comment.invalid'].call(current_user, post) # => true

But you can rewrite it

admin_abilities = Kan::Application.new(
  post: Post::AdminAbilities.new(default_ability_block: proc { false }),
  comment: Comments::Abilities.new,
)

admin_abilities['post.delete'].call(current_user, post)  # => false
admin_abilities['post.delete'].call(admin_user, post)    # => true
admin_abilities['post.invalid'].call(current_user, post) # => false

List of abilities

You can provide array of abilities for each scope and Kan will return true if at least one ability return true:

global_abilities = Kan::Application.new(
  post: [Post::Abilities.new, Post::AdminAbilities.new],
  comment: Comments::Abilities.new
)

global_abilities['post.edit'].call(current_user, post) # => false
global_abilities['post.edit'].call(owner_user, post)   # => true
global_abilities['post.edit'].call(admin_user, post)   # => true

Aliases

You can use strings or symbols and then use it as name of ability

class Post::Abilities
  include Kan::Abilities

  register(:edit) { |_, _| true }
  register_alias(:correct, 'edit')
end

abilities = Kan::Application.new(
  post: Post::Abilities.new
)

abilities['post.correct'].call(current_user, post) # => true

Callback

You can provide callable object (that respond to #call) that accepts ability_name and payload params to after_call_callback param of your ability:

admin_abilities = Kan::Application.new(
  post: Post::AdminAbilities.new(after_call_callback: -> (ability_name, payload) { ... }),
  comment: Comments::Abilities.new,
)

admin_abilities['post.read'].call(current_user, post) # => false

Your object will be executed after calling ability.

Contributing

Code and features

Bug reports and pull requests are welcome on GitHub at https://github.com/davydovanton/kan. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

Docs

Just send PR with changes in docs/ folder.

How to instal the project

Just clone repository and call:

$ bundle install
$ bundle exec rspec

Contributors

This project exists thanks to all the people who contribute.

Backers

Thank you to all our backers! 🙏 [Become a backer]

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]

License

The gem is available as open source under the terms of the MIT License.

Code of Conduct

Everyone interacting in the Kan project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].