Module: AeUsers::ControllerExtensions::RequirePermission::ClassMethods

Defined in:

lib/ae_users.rb

Instance Method Summary

• #require_class_permission(perm_name, conditions = {}) ⇒ Object
• #require_login(conditions = {}) ⇒ Object
• #require_permission(perm_name, conditions = {}) ⇒ Object
• #rest_edit_permissions(options = {}) ⇒ Object
• #rest_permissions(options = {}) ⇒ Object
• #rest_view_permissions(options = {}) ⇒ Object

Instance Method Details

#require_class_permission(perm_name, conditions = {}) ⇒ Object

# File 'lib/ae_users.rb', line 458

def require_class_permission(perm_name, conditions = {})
  delegated = false
  if conditions[:class_name]
    cn = conditions[:class_name]
    delegated = true
  elsif conditions[:class_param]
    cpn = conditions[:class_param]
  end
  before_filter conditions do |controller|
    if cn.nil? and cpn
      cn = controller.params[cpn]
      delegated = true
    end
    controller_cn = controller.class.name.gsub(/Controller$/, "").singularize
    cn ||= controller_cn
    full_perm_name = "#{perm_name}_#{cn.tableize}"
    if delegated
      msg = "Sorry, but you are not permitted to #{perm_name} #{controller_cn.tableize.humanize.downcase} in this #{cn.tableize.humanize.singularize.downcase}."
    else
      msg = "Sorry, but you are not permitted to #{perm_name} #{cn.tableize.humanize.downcase}."
    end
    controller.do_permission_check(nil, full_perm_name, msg)
  end
end

#require_login(conditions = {}) ⇒ Object

# File 'lib/ae_users.rb', line 447

def require_login(conditions = {})
  before_filter conditions do |controller|
    if not controller.logged_in?
      controller.attempt_login_from_params
      if not controller.logged_in?
        controller.access_denied "Sorry, but you need to be logged in to view that page."
      end
    end
  end
end

#require_permission(perm_name, conditions = {}) ⇒ Object

# File 'lib/ae_users.rb', line 483

def require_permission(perm_name, conditions = {})
  if conditions[:class_name]
    cn = conditions[:class_name]
  end
  id_param = conditions[:id_param] || :id
  before_filter conditions do |controller|
    cn ||= controller.class.name.gsub(/Controller$/, "").singularize
    o = eval(cn).find(controller.params[id_param])
    if not o.nil?
      controller.do_permission_check(o, perm_name, "Sorry, but you are not permitted to #{perm_name} this #{cn.tableize.singularize.humanize.downcase}.")
    end
  end
end

#rest_edit_permissions(options = {}) ⇒ Object

# File 'lib/ae_users.rb', line 497

def rest_edit_permissions(options = {})
  options = {
    :restrict_create => false,
  }.update(options)
  restrict_create = options[:restrict_create]
  options.delete(:restrict_create)
  require_permission("edit", { :only => [:edit, :update] }.update(options))
  if restrict_create
    require_class_permission("create", { :only => [:new, :create] }.update(options))
  end
  require_permission("destroy", { :only => [:destroy] }.update(options))
end

#rest_permissions(options = {}) ⇒ Object

# File 'lib/ae_users.rb', line 524

def rest_permissions(options = {})
  rest_view_permissions(options)
  rest_edit_permissions(options)
end

#rest_view_permissions(options = {}) ⇒ Object

# File 'lib/ae_users.rb', line 510

def rest_view_permissions(options = {})
  options = {
    :restrict_list => false,
  }.update(options)
  restrict_list = options[:restrict_list]
  options.delete(:restrict_list)
  if restrict_list
    require_class_permission("list", { :only => [:index] }.update(options))
  elsif options[:class_name]
    require_permission("show", { :only => [:index], :id_param => "#{options[:class_name].tableize}_id" }.update(options))
  end
  require_permission("show", { :only => [:show] }.update(options))
end