Class: Guts::PermissionsController

Inherits:

ApplicationController

• Object
• ActionController::Base
• ApplicationController
• Guts::PermissionsController

Includes:

ControllerPermissionConcern

Defined in:

app/controllers/guts/permissions_controller.rb

Overview

Permissions controller

Instance Method Summary

• #additional ⇒ Object

  Fine-tuned permissions on an object level.

• #additional_create ⇒ Object

  Creates a permission for an object at a fine level.

• #create ⇒ Object

  Creates a permission for an object.

• #destroy ⇒ Object

  Revokes a permission.

• #index ⇒ Object

  Displays the permissions.

• #new ⇒ Object

  Assigning a permission to an object.

Methods inherited from ApplicationController

#current_ability

Methods included from MultisiteConcern

#current_site, #with_current_site

Instance Method Details

#additional ⇒ Object

Fine-tuned permissions on an object level

# File 'app/controllers/guts/permissions_controller.rb', line 53

def additional
  @permission = Permission.new
  @objects    = "#{@authorization.subject_class}".constantize.all
end

#additional_create ⇒ Object

Note:

Redirects to #index if successfull or re-renders #additional if not

Creates a permission for an object at a fine level

# File 'app/controllers/guts/permissions_controller.rb', line 60

def additional_create
  # Check if authorization exists and create if it does not
  authorization = Authorization.find_or_create_by(
    subject_class: @authorization.subject_class,
    action: @authorization.action,
    subject_id: params[:subject_id]
  ) do |auth|
    auth.description = @authorization.action
  end

  # Save the permission
  @permission = Permission.new permission_params.merge(authorization_id: authorization.id)

  if @permission.save
    # Success, all done
    flash[:notice] = 'Permission was successfully granted.'
    redirect_to polymorphic_path([@object, :permissions])
  else
    # Error
    redirect_to polymorphic_path([:additional, @object, :permissions])
  end
end

#create ⇒ Object

Note:

Redirects to #index if successfull or re-renders #new if not

Creates a permission for an object

# File 'app/controllers/guts/permissions_controller.rb', line 25

def create
  ActiveRecord::Base.transaction do
    # Takes the custom authorization field from the form and loops
    # and merges it into ther permission_params
    params[:authorization_ids].each do |id|
      permission = Permission.new permission_params.merge(authorization_id: id)
      permission.save!
    end
  end

  # Success, all done
  flash[:notice] = 'Permission was successfully granted.'
  redirect_to polymorphic_path([@object, :permissions])
rescue ActiveRecord::RecordInvalid => _
  # Something did not validate
  redirect_to new_polymorphic_path([@object, :permission])
end

#destroy ⇒ Object

Revokes a permission

# File 'app/controllers/guts/permissions_controller.rb', line 44

def destroy
  @permission = @object.permissions.find { |p| p.id == params[:id].to_i }
  @permission.destroy if @permission

  flash[:notice] = @permission ? 'Permission was revoked.' : 'Error revoking permission.'
  redirect_to polymorphic_path([@object, :permissions])
end

#index ⇒ Object

Displays the permissions

# File 'app/controllers/guts/permissions_controller.rb', line 13

def index
end

#new ⇒ Object

Assigning a permission to an object

# File 'app/controllers/guts/permissions_controller.rb', line 17

def new
  @permission     = Permission.new
  @authorizations = Authorization.where(subject_id: nil)
  @grouped_auths  = @authorizations.group_by(&:subject_class)
end