Module: ActionController::Authorization::ClassMethods

Defined in:
lib/action_controller/authorization.rb

Instance Method Summary

Instance Method Details

#require_login(*attrs) ⇒ Object

require_login

Requires the user to log in before accessing the specified actions.

Options:

  • :skip_request - skips saving the original request (the one to redirect to after login)

  • :user_model - if defined, Authentasaurus will use that model instead of the default “User”

  • :if - specifies a method, proc or string to call to determine if the authorization should occur

  • :unless - specifies a method, proc or string to call to determine if the authorization should not occur

Example: tells Authentasaurus that the destroy action requires login and that Authentasaurus shouldn’t store the request in the session (typically for logout actions).

    require_login :destroy, :skip_request => true



    # File 'lib/action_controller/authorization.rb', line 25

    def require_login(*attrs)
      options = attrs.extract_options!.symbolize_keys
      attrs = attrs.flatten

      # Any non-nil :skip_request value (including false) is passed on as true.
      unless attrs.empty?
        # Actions were listed: guard only those actions.
        before_filter :only => attrs, :if => options[:if], :unless => options[:unless] do |controller|
          controller.instance_eval { check_logged_in !options[:skip_request].nil?, options[:user_model] }
        end
      else
        # No actions listed: guard every action in the controller.
        before_filter :if => options[:if], :unless => options[:unless] do |c|
          c.instance_eval { check_logged_in !options[:skip_request].nil?, options[:user_model] }
        end
      end
    end
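
The require_login listing above registers its filter with :only when actions are named, so unnamed actions get no login check, and it tests :skip_request with nil?, so :skip_request => false still suppresses saving the request. The following added example (not Authentasaurus or Rails code) replays that logic in a stand-in harness; FakeController, its before_filter and check_logged_in stubs, SessionsController and AdminController are assumptions made for the demonstration.

```ruby
# Added example: a stand-in harness, not Authentasaurus or Rails code.
class FakeController
  class << self
    def filters
      @filters ||= []
    end

    # Stand-in for Rails' before_filter: records the options and the block.
    def before_filter(opts = {}, &block)
      filters << [opts, block]
    end

    # The page's require_login logic, condensed; extract_options! and
    # symbolize_keys are written out in plain Ruby.
    def require_login(*attrs)
      options = attrs.last.is_a?(Hash) ? attrs.pop : {}
      options = options.each_with_object({}) { |(k, v), h| h[k.to_sym] = v }
      attrs = attrs.flatten
      filter_opts = { :if => options[:if], :unless => options[:unless] }
      filter_opts[:only] = attrs unless attrs.empty?
      before_filter(filter_opts) do |c|
        c.instance_eval { check_logged_in(!options[:skip_request].nil?, options[:user_model]) }
      end
    end
  end

  # Stand-in for the library's check: records the arguments it was given.
  def check_logged_in(skip_request, user_model)
    (@calls ||= []) << [skip_request, user_model]
  end

  # Runs the filters that cover +action+ (:if/:unless are not evaluated here).
  def process(action)
    self.class.filters.each do |opts, block|
      block.call(self) if opts[:only].nil? || opts[:only].include?(action)
    end
    @calls || []
  end
end

class SessionsController < FakeController   # hypothetical controller
  require_login :destroy, :skip_request => false
end

class AdminController < FakeController      # hypothetical controller
  require_login
end

p SessionsController.new.process(:destroy)  # => [[true, nil]]
```

Calling the macro with no action list is the default-deny form: actions added to the controller later are covered without further edits.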

#require_read(*attrs) ⇒ Object

require_read

Requires the user to have read permission for that area to access the specified actions.

Options:

  • :skip_request - skips saving the original request (the one to redirect to after login)

  • :user_model - if defined, Authentasaurus will use that model instead of the default “User”

  • :if - specifies a method, proc or string to call to determine if the authorization should occur

  • :unless - specifies a method, proc or string to call to determine if the authorization should not occur

Example: tells Authentasaurus that the action show_user requires login and read permission.

    require_read :show_user



    # File 'lib/action_controller/authorization.rb', line 80

    def require_read(*attrs)
      options = attrs.extract_options!.symbolize_keys
      attrs = attrs.flatten

      # Any non-nil :skip_request value (including false) is passed on as true.
      unless attrs.empty?
        # Actions were listed: guard only those actions.
        before_filter :only => attrs, :if => options[:if], :unless => options[:unless] do |controller|
          controller.instance_eval { check_read_permissions !options[:skip_request].nil?, options[:user_model] }
        end
      else
        # No actions listed: guard every action in the controller.
        before_filter :if => options[:if], :unless => options[:unless] do |c|
          c.instance_eval { check_read_permissions !options[:skip_request].nil?, options[:user_model] }
        end
      end
    end

#require_write(*attrs) ⇒ Object

require_write

Requires the user to have write permission for that area to access the specified actions.

Options:

  • :skip_request - skips saving the original request (the one to redirect to after login)

  • :user_model - if defined, Authentasaurus will use that model instead of the default “User”

  • :if - specifies a method, proc or string to call to determine if the authorization should occur

  • :unless - specifies a method, proc or string to call to determine if the authorization should not occur

Example: tells Authentasaurus that the actions create_user and delete_user require login and write permission.

    require_write :create_user, :delete_user



    # File 'lib/action_controller/authorization.rb', line 52

    def require_write(*attrs)
      options = attrs.extract_options!.symbolize_keys
      attrs = attrs.flatten

      # Any non-nil :skip_request value (including false) is passed on as true.
      unless attrs.empty?
        # Actions were listed: guard only those actions.
        before_filter :only => attrs, :if => options[:if], :unless => options[:unless] do |controller|
          controller.instance_eval { check_write_permissions !options[:skip_request].nil?, options[:user_model] }
        end
      else
        # No actions listed: guard every action in the controller.
        before_filter :if => options[:if], :unless => options[:unless] do |c|
          c.instance_eval { check_write_permissions !options[:skip_request].nil?, options[:user_model] }
        end
      end
    end