ember-sanctify
v0.2.1
Published
An authorization addon for Ember CLI
Downloads
7
Readme
ember-sanctify
Minimal authorization through Object Oriented design. Highly inspired by the Pundit gem.
Breaking Changes
In 0.2.0 ember-sanctify updated the resolver to correctly resolve policies to app/policies
instead app/policy
. The directory will need renamed if upgrading from a previous version to maintain compatibility.
Requirements
ember-sanctify only supports Ember >= 1.10
Installation
ember install:addon ember-sanctify
Compatibility
| Ember Version | Ember Can Release | | ------------------ | --------------------- | | 1.9.x and lower | No Support | | 1.10 through 1.12 | 0.1.x | | 1.13 and beyond | 0.2.x |
Policies
Ember Sanctify is designed around the idea that simple policy objects control approving and denying access to related resources. These objects are located inside of app/policies
. The path of these policies is important as policies are automatically looked up based off of route paths.
This simple example allows accessing the edit route of a post if the user is an admin:
app/policies/posts/edit.js
:
import Ember from 'ember';
export default Ember.Object.extend({
/* Inject a session service to provide the authorization object with user access */
session: Ember.inject.service(),
/*
Validates if the user is and admin and provides access to the `posts.edit` route.
*/
canAccess: function(/*route, model*/) {
var user = this.get('session.user');
return Ember.get(this, 'session.user.isAdmin');
}
});
app/routes/posts/edit.js
:
import Ember from 'ember';
import Authorizable from 'ember-sanctify/mixins/routes/authorizable';
export default Ember.Route.extend(Authorizable, {
model: function(params) {
return this.store.find('post', params.post_id);
}
});
Using a simple authorization object provides developers with the ability to keep authorization simple, thus be able to build a robust and scalable authorization system. To help facilitate this, ember-sanctify makes the following assumptions:
- The return value of the
canAccess
method on the associated policy object must eventually validate to a truthy value for the user to be granted access. - If the user is denied access, the transition is aborted. If a
redirectionRoute
property exists on the policy, the user will be redirected to the specified route. - Validation is done during the
afterModel
callback on the route to provide the developer with access to the model if needed. If the developer needs to override the afterModel callback, be sure to callthis._super(model, transition)
. - The
canAccess
method can optionally return a promise so that async data can be accessed when needed. - If a policy is not found, the library falls back to whatever is specified by the policy that the resolver resolves at 'policy:application'. By default, this policy denies all access. To override generate a new application default policy inside of
app/policies/application.js
.
Template content authorization
Authorizing access to template content is provided by using the can-access
sub-expression helper inside of the desired template.
This example allows the user to create a post as long as they are authenticated:
{{#if (can-access 'post' 'create')}}
{{#link-to 'posts.new'}}New Post{{/link-to}}
{{else}}
Please {{#link-to 'login'}}log in{{/link-to}} to create a new post.
{{/if}}
The first argument is the path to the authorization policy, the second is the method name to call on that authorization policy. In the example above, the can-access helper would call the method canCreate
.
The policy (app/policies/post.js
) for authorizing the action in the above template could look like so:
export default Ember.Object.extend({
/* Inject a session service to provide the authorization object with user access */
session: Ember.inject.service(),
/* ... */
canCreate: function() {
return this.get('session.user');
}
The can-access
sub-expression capitalizes the second parameter and prefixes it with the string can
before looking up and calling the authorization method on the defined policy. It also excepts optional arguments.
{{#if (can-access 'post' 'edit' model)}}...{{else}}...{{/if}}
Feel free to look through the tests/dummy
application for more examples.
Running Tests
ember test
ember test --server
Building
ember build
For more information on using ember-cli, visit http://www.ember-cli.com/.
Code Of Conduct
Wildland Open Source Code Of Conduct