Module: AuthorizeMe::Model::ClassMethods

Defined in:
lib/authorize_me/model.rb

Instance Method Summary collapse

Instance Method Details

#add_authorization_rule(role, options) ⇒ Object 



39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
# File 'lib/authorize_me/model.rb', line 39

def add_authorization_rule(role, options)
  role = role.to_sym
  abilities = options[:can]
  abilities = [abilities] unless abilities.is_a?(Array)

  @authorization_rules ||= {}
  @authorization_rules[role] ||= {}

  abilities.each do |ability|
    @authorization_rules[role][ability.to_sym]          = {}
    @authorization_rules[role][ability.to_sym][:if]     = options[:if]
    @authorization_rules[role][ability.to_sym][:unless] = options[:unless]
  end
end

#authorization_rulesObject 



54
55
56
 
# File 'lib/authorize_me/model.rb', line 54

def authorization_rules
  @authorization_rules || {}
end

#authorize {|AuthorizeMe::RoleDefinition.new(self)| ... } ⇒ Object

declare authorization rules on a model. For example

authorize do |role|
  role.owner  :can => :manage
  role.admin  :can => :manage
  role.member :can => :read, :if => :has_application_read_permission?
  role.member :can => [:create, :update, :destroy], :if => :has_application_write_permission?
end

Yields:



35
36
37
 
# File 'lib/authorize_me/model.rb', line 35

def authorize
  yield AuthorizeMe::RoleDefinition.new(self)
end

#authorize_meObject

define a bunch of methods on extended class

  • User#can_create?(obj)

  • User#can_read?(obj)

  • User#can_update?(obj)

  • User#can_destroy?(obj)



17
18
19
20
21
22
23
24
25
 
# File 'lib/authorize_me/model.rb', line 17

def authorize_me
  %w{ create read update destroy }.each do |ability|
    define_method "can_#{ability}?" do |*args|
      obj = args[0]
      association_options = args[1] || {}
      check_ability_on_object ability, obj, association_options
    end
  end
end