Module: AuthorizeMe::Model::ClassMethods
- Defined in:
- lib/authorize_me/model.rb
Instance Method Summary collapse
- #add_authorization_rule(role, options) ⇒ Object
- #authorization_rules ⇒ Object
-
#authorize {|AuthorizeMe::RoleDefinition.new(self)| ... } ⇒ Object
declare authorization rules on a model.
-
#authorize_me ⇒ Object
define a bunch of methods on extended class * User#can_create?(obj) * User#can_read?(obj) * User#can_update?(obj) * User#can_destroy?(obj).
Instance Method Details
#add_authorization_rule(role, options) ⇒ Object
39 40 41 42 43 44 45 46 47 48 49 50 51 52 |
# File 'lib/authorize_me/model.rb', line 39 def (role, ) role = role.to_sym abilities = [:can] abilities = [abilities] unless abilities.is_a?(Array) @authorization_rules ||= {} @authorization_rules[role] ||= {} abilities.each do |ability| @authorization_rules[role][ability.to_sym] = {} @authorization_rules[role][ability.to_sym][:if] = [:if] @authorization_rules[role][ability.to_sym][:unless] = [:unless] end end |
#authorization_rules ⇒ Object
54 55 56 |
# File 'lib/authorize_me/model.rb', line 54 def @authorization_rules || {} end |
#authorize {|AuthorizeMe::RoleDefinition.new(self)| ... } ⇒ Object
declare authorization rules on a model. For example
do |role|
role.owner :can => :manage
role.admin :can => :manage
role.member :can => :read, :if => :has_application_read_permission?
role.member :can => [:create, :update, :destroy], :if => :has_application_write_permission?
end
35 36 37 |
# File 'lib/authorize_me/model.rb', line 35 def yield AuthorizeMe::RoleDefinition.new(self) end |
#authorize_me ⇒ Object
define a bunch of methods on extended class
-
User#can_create?(obj)
-
User#can_read?(obj)
-
User#can_update?(obj)
-
User#can_destroy?(obj)
17 18 19 20 21 22 23 24 25 |
# File 'lib/authorize_me/model.rb', line 17 def %w{ create read update destroy }.each do |ability| define_method "can_#{ability}?" do |*args| obj = args[0] = args[1] || {} check_ability_on_object ability, obj, end end end |