hopsoft / Perm
Licence: mit
Simple authorization/permission management in Ruby
Programming Languages
ruby
36898 projects - #4 most used programming language
Labels
Projects that are alternatives of or similar to Perm
rbac-tool
Rapid7 | insightCloudSec | Kubernetes RBAC Power Toys - Visualize, Analyze, Generate & Query
Stars: ✭ 546 (+6725%)
Mutual labels: permissions, authorization
feathers-casl
feathers.js + casl: hooks & channels
Stars: ✭ 25 (+212.5%)
Mutual labels: permissions, authorization
django-cancan
🔓Authorization library for Django
Stars: ✭ 36 (+350%)
Mutual labels: permissions, authorization
spicedb
Open Source, Google Zanzibar-inspired fine-grained permissions database
Stars: ✭ 3,358 (+41875%)
Mutual labels: permissions, authorization
Casbin4D
An authorization library that supports access control models like ACL, RBAC, ABAC in Delphi
Stars: ✭ 25 (+212.5%)
Mutual labels: permissions, authorization
graphql authorize
Authorization helpers for ruby-graphql fields
Stars: ✭ 23 (+187.5%)
Mutual labels: permissions, authorization
HeimGuard
🛡 A simple library that allows you to easily manage permissions in your .NET projects.
Stars: ✭ 77 (+862.5%)
Mutual labels: permissions, authorization
Vue Router User Roles
A Vue.js plugin that protects routes based on user roles. Add your own authentication.
Stars: ✭ 237 (+2862.5%)
Mutual labels: authorization, permissions
deadbolt
Dead simple permissions for Laravel
Stars: ✭ 13 (+62.5%)
Mutual labels: permissions, authorization
django-keeper
Authorization library for Django, with ACL, not depends on models.
Stars: ✭ 47 (+487.5%)
Mutual labels: permissions, authorization
Access Granted
Multi-role and whitelist based authorization gem for Rails (and not only Rails!)
Stars: ✭ 733 (+9062.5%)
Mutual labels: authorization, permissions
Casl
CASL is an isomorphic authorization JavaScript library which restricts what resources a given user is allowed to access
Stars: ✭ 3,610 (+45025%)
Mutual labels: authorization, permissions
Rbac
Hierarchical Role-Based Access Control for Node.js
Stars: ✭ 254 (+3075%)
Mutual labels: authorization, permissions
nova-permissions
Add Permissions based authorization for your Nova installation via User-based Roles and Permissions. Roles are defined in the database whereas Permissions are defined in the code base.
Stars: ✭ 115 (+1337.5%)
Mutual labels: permissions, authorization
Bouncer
Eloquent roles and abilities.
Stars: ✭ 2,763 (+34437.5%)
Mutual labels: authorization, permissions
riam
AWS IAM inspired policy engine in Rust
Stars: ✭ 19 (+137.5%)
Mutual labels: permissions, authorization
Drf Access Policy
Declarative access policies/permissions modeled after AWS' IAM policies.
Stars: ✭ 200 (+2400%)
Mutual labels: authorization, permissions
Appy
🚀 A full stack boilerplate web app
Stars: ✭ 225 (+2712.5%)
Mutual labels: authorization, permissions
fastapi-auth0
FastAPI authentication and authorization using auth0.com
Stars: ✭ 104 (+1200%)
Mutual labels: permissions, authorization
authorization
Native Laravel Authorization.
Stars: ✭ 55 (+587.5%)
Mutual labels: permissions, authorization
Perm
Incredibly simple permission management i.e. authorization.
Quickstart
gem install perm
Setup
Let's create a simple example with users & posts.
class User
attr_reader :roles, :posts
def initialize(roles: [])
@roles = roles
@posts = []
end
end
class Post
attr_reader :user, :title
attr_accessor :published
def initialize(user:, title:)
@user = user
@title = title
@user.posts << self
end
end
Once our basic classes have be defined, we can create an authorized user to manage permissions.
class AuthorizedUser < Perm::Authorized
def can_read?(post)
return true if user.roles.include?(:admin)
return true if user.roles.include?(:editor)
return true if user == post.user
post.published
end
def can_update?(post)
return true if user.roles.include?(:admin)
return true if user.roles.include?(:editor)
user == post.user
end
def can_delete?(post)
return true if user.roles.include?(:admin)
user == post.user
end
end
Authorized users do the following.
- wrap user objects — somewhat like the presenter pattern
- add behavior to wrapped users
- respond to authorization methods defined as
can_OPERATION?
- secure by default i.e. authorization checks return false until implemented
Usage
Create some users
mary = User.new(roles: [:admin])
john = User.new(roles: [:editor, :writer])
beth = User.new(roles: [:writer])
drew = User.new
Create a post
post = Post.new(user: beth, title: "Authorization made easy")
Wrap each user with an authorizer
authorized_mary = AuthorizedUser.new(mary)
authorized_john = AuthorizedUser.new(john)
authorized_beth = AuthorizedUser.new(beth)
authorized_drew = AuthorizedUser.new(drew)
# wrapped users continue to act like users
authorized_beth.posts # => [#<Post:0x007fe35d081798 @title="Authorization made easy"...
# if conflicts arise, simply access the original
authorized_beth.user
Check permissions
authorized_mary.can_read?(post) # => true
authorized_mary.can_update?(post) # => true
authorized_mary.can_delete?(post) # => true
authorized_john.can_read?(post) # => true
authorized_john.can_update?(post) # => true
authorized_john.can_delete?(post) # => false
authorized_beth.can_read?(post) # => true
authorized_beth.can_update?(post) # => true
authorized_beth.can_delete?(post) # => true
authorized_drew.can_read?(post) # => false
authorized_drew.can_update?(post) # => false
authorized_drew.can_delete?(post) # => false
post.published = true
authorized_drew.can_read?(post) # => true
# we can also check unimplemented permissions
authorized_mary.can_create?(post) # => false
authorized_john.can_view?(post) # => false
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].