ActiveElement provides a comprehensive authorization model for restricting access to all parts of your application based on a simple permissions system.
ActiveElement does not enforce any particular authentication framework and works out of the box with Devise.
There are no restrictions on how you choose to implement your application’s authentication system, but if you wish to use ActiveElement’s authorization model the following two methods must be defined:
authenticate_user!
.current_user
. The user object must respond to a #permissions
method which returns an array of strings such as ['can_list_users']
.A typical setup would look like this:
# app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
prepend_before_action :configure_authentication
private
def configure_authentication
active_element.authenticate_with { authenticate_user! }
active_element.authorize_with { current_user }
end
end
ActiveElement does not require authentication/authorization to be implemented and works either without any authentication at all or with your own custom authentication stack.
See the Authentication and Authorization for more details on the benefits of using the provided authorization features.