Method: CanCan::ControllerAdditions::ClassMethods#authorize_resource
- Defined in: lib/cancan/controller_additions.rb
#authorize_resource(*args) ⇒ Object
Sets up a before filter which authorizes the resource using the instance variable. For example, if you have an ArticlesController it will check the @article instance variable and ensure the user can perform the current action on it. Under the hood it is doing something like the following.
authorize!(params[:action].to_sym, @article || Article)
Call this method directly on the controller class.
class BooksController < ApplicationController
  authorize_resource
end
If you pass in the name of a resource which does not match the controller it will assume it is a parent resource.
class BooksController < ApplicationController
  authorize_resource :author
  authorize_resource :book
end
Here it will authorize :show, @author on every action before authorizing the book.
That first argument is optional and will default to the singular name of the controller. A hash of options (see below) can also be passed to this method to further customize it.
See load_and_authorize_resource to automatically load the resource too.
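A simplified Ruby model of the filter described above (an added example, not CanCan's code): it runs the parent check with :show, then the current action against `@book || Book`. The `Ability` rules, `BooksControllerModel`, the sample records, and the assumption that a class-only check cannot evaluate per-record ownership are constructed for illustration.

```ruby
# Simplified stand-in for the before filter; not CanCan's implementation.
class AccessDenied < StandardError; end
Author = Struct.new(:id)
Book   = Struct.new(:id, :owner_id)

# Constructed rules: any Author may be shown; a Book may be updated by its owner.
# Assumption: given only the class there is no record to compare, so the rule matches.
class Ability
  def initialize(user_id)
    @user_id = user_id
  end

  def authorize!(action, subject)
    allowed =
      if subject == Author || subject.is_a?(Author) then action == :show
      elsif subject == Book then action == :update
      elsif subject.is_a?(Book) then action == :update && subject.owner_id == @user_id
      else false
      end
    raise AccessDenied, "not allowed to #{action}" unless allowed
  end
end

class BooksControllerModel
  # One entry per authorize_resource call, in declaration order: [name, class, parent?]
  RESOURCES = [[:author, Author, true], [:book, Book, false]].freeze

  def initialize(ability, action, ivars = {})
    @ability = ability
    @action = action
    ivars.each { |name, record| instance_variable_set("@#{name}", record) }
  end

  def run_filters
    RESOURCES.each do |name, klass, parent|
      subject = instance_variable_get("@#{name}") || klass # e.g. @book || Book
      @ability.authorize!(parent ? :show : @action, subject) # parent uses :show
    end
    :authorized
  rescue AccessDenied
    :denied
  end
end

ability = Ability.new(1)        # constructed current user, id 1
someone_elses = Book.new(10, 2) # constructed record owned by user 2
loaded   = BooksControllerModel.new(ability, :update, author: Author.new(5), book: someone_elses)
unloaded = BooksControllerModel.new(ability, :update, author: Author.new(5))
puts "book loaded before filter: #{loaded.run_filters}"
puts "book not loaded:           #{unloaded.run_filters}"
```

With the record loaded, the ownership rule denies the update; with only the class available the same request passes the filter, so the instance variable has to be set before this filter runs.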
Options:
- :only - Only applies before filter to given actions.
- :except - Does not apply before filter to given actions.
- :singleton - Pass true if this is a singleton resource through a has_one association.
- :parent - True or false depending on if the resource is considered a parent resource. This defaults to true if a resource name is given which does not match the controller.
- :class - The class to use for the model (string or constant). This is passed in when the instance variable is not set. Pass false if there is no associated class for this resource and it will use a symbol of the resource name.
- :instance_name - The name of the instance variable for this resource.
- :through - Authorize conditions on this parent resource when instance isn't available.
- :prepend - Passing true will use prepend_before_action instead of a normal before_action.
# File 'lib/cancan/controller_additions.rb', line 180
def authorize_resource(*args)
  cancan_resource_class.add_before_action(self, :authorize_resource, *args)
end