Module: ActionController::Authorization::ClassMethods
- Defined in:
- lib/action_controller/authorization.rb
Instance Method Summary collapse
-
#require_login(*attrs) ⇒ Object
require_login
-
requires the user to login before accessing the actions specified.
-
#require_read(*attrs) ⇒ Object
require_read
-
requires the user to have a read permission to that area to access the actions specified.
-
#require_write(*attrs) ⇒ Object
require_write
-
requires the user to have a write permission to that area to access the actions specified.
Instance Method Details
#require_login(*attrs) ⇒ Object
require_login
-
requires the user to login before accessing the actions specified
ex: Tells Authentasaurus that the action destroy requires login and that Authentasaurus shouldn’t store the request in the session (typically for logout actions)
-
:skip_request - skips saving the original request (to redirect to after login)
-
:user_model - if defined, authentasaurus will use that model instead of the default “User”
-
:if - specifies a method, proc or string to call to determine if the authorization should occur
-
:unless - specifies a method, proc or string to call to determine if the authorization should not occur
require_login :destroy, :skip_request => true
-
25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
# File 'lib/action_controller/authorization.rb', line 25 def require_login (*attrs) = attrs..symbolize_keys attrs = attrs.flatten unless attrs.empty? before_filter :only => attrs, :if => [:if], :unless => [:unless] do |controller| controller.instance_eval {check_logged_in ![:skip_request].nil?, [:user_model]} end else before_filter :if => [:if], :unless => [:unless] do |c| c.instance_eval {check_logged_in ![:skip_request].nil?, [:user_model]} end end end |
#require_read(*attrs) ⇒ Object
require_read
-
requires the user to have a read permission to that area to access the actions specified
ex: Tells Authentasaurus that the action show_user requires login and read permission.
-
:skip_request - skips saving the original request (to redirect to after login)
-
:user_model - if defined, authentasaurus will use that model instead of the default “User”
-
:if - specifies a method, proc or string to call to determine if the authorization should occur
-
:unless - specifies a method, proc or string to call to determine if the authorization should not occur
require_read :show_user
-
80 81 82 83 84 85 86 87 88 89 90 91 92 93 |
# File 'lib/action_controller/authorization.rb', line 80 def require_read(*attrs) = attrs..symbolize_keys attrs = attrs.flatten unless attrs.empty? before_filter :only => attrs, :if => [:if], :unless => [:unless] do |controller| controller.instance_eval { ![:skip_request].nil?, [:user_model] } end else before_filter :if => [:if], :unless => [:unless] do |c| c.instance_eval { ![:skip_request].nil?, [:user_model] } end end end |
#require_write(*attrs) ⇒ Object
require_write
-
requires the user to have a write permission to that area to access the actions specified
ex: Tells Authentasaurus that the actions create_user and delete_user requires login and write permission.
-
:skip_request - skips saving the original request (to redirect to after login)
-
:user_model - if defined, authentasaurus will use that model instead of the default “User”
-
:if - specifies a method, proc or string to call to determine if the authorization should occur
-
:unless - specifies a method, proc or string to call to determine if the authorization should not occur
require_write :create_user, :delete_user
-
52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 |
# File 'lib/action_controller/authorization.rb', line 52 def require_write(*attrs) = attrs..symbolize_keys attrs = attrs.flatten unless attrs.empty? before_filter :only => attrs, :if => [:if], :unless => [:unless] do |controller| controller.instance_eval { ![:skip_request].nil?, [:user_model] } end else before_filter :if => [:if], :unless => [:unless] do |c| c.instance_eval { ![:skip_request].nil?, [:user_model]} end end end |