Module: AccountEngine::Helper
Instance Method Summary collapse
-
#authorized?(options, &block) ⇒ Boolean
Returns true, and also executes an optional code block if the current user is authorised for the supplied controller and action.
-
#link_if_authorized(name, options = {}, html_options = {}, *params, &block) ⇒ Object
Returns an HTML link if the user has authorisation to perform the supplied action.
- #link_to_user(user = current_user) ⇒ Object
Methods included from Support
Instance Method Details
#authorized?(options, &block) ⇒ Boolean
Returns true, and also executes an optional code block if the current user is authorised for the supplied controller and action. If no action is supplied, “index” is used by default. Returns false if the user is not authorised. e.g.
<% authorized?("person", "destroy") { %>
<p>You have the power to destroy users! Well done.</p>
<% } %>
80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 |
# File 'lib/account_engine/helper.rb', line 80 def (, &block) # default the action to "index" controller = [:controller] action = [:action] # use the current controller/action if none is given in options controller ||= @controller.controller_name action ||= @controller.action_name if current_user.nil? RAILS_DEFAULT_LOGGER.debug "checking guest authorisation for #{controller}/#{action}" if User.(controller, action) yield block if block != nil return true end else RAILS_DEFAULT_LOGGER.debug "checking user:#{session[:user].id} authorisation for #{controller}/#{action}" if current_user.(controller, action) yield block if block != nil return true end end return false end |
#link_if_authorized(name, options = {}, html_options = {}, *params, &block) ⇒ Object
Returns an HTML link if the user has authorisation to perform the supplied action. All other options and parameters are identical to those for ActionView::link_to e.g.
("Home", {:controller => "home", :action => "index"})
If either of the :controller or :action options are ommitted, the current controller or action will be used instead.
This method can also take an additional block, which can override the actual user permissions (i.e. the user must have valid permissions AND this block must not return false or nil for the link to be generated).
We also provide special elements with the html_options argument.
:wrap_in
This can be used to wrap the link in a given tag. This is useful if some surrounding markup to the link should also be ommitted if the user is not authorised for that link. E.g.
<ul>
<%= link_if_authorised("Delete", {:action => "delete"}, :wrap_in => "li") %>
...
</ul>
In this case, if the user is not authorised for this link, the <li></li> element will not be generated. Please note that this is fairly simplistic and relies on Rails’ own #content_tag method. For more sophisticated control of markup based on authorisation, use the #authorised?() method directly.
:show_text
if this flag is set to true, the text given for the link will be shown (although not as a link) even if the use is NOT authorised for the given action.
50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 |
# File 'lib/account_engine/helper.rb', line 50 def (name, = {}, = {}, *params, &block) result = .delete(:show_text) ? name : "" # we need to strip leading slashes when checking authorisation, but not when # actually generating the link. = .dup if [:controller] [:controller] = [:controller].gsub(/^\//, '') end (block.nil? || (yield block)) && () { #result = link_to_with_current_styling(name, options, html_options, *params) result = link_to(name, , , *params) # TODO: won't this pass other things like html_options[:id], which is EVIL since two # things shouldn't share the same ID. wrap_tag = .delete(:wrap_in) result = content_tag(wrap_tag, result, ) if wrap_tag != nil } result end |
#link_to_user(user = current_user) ⇒ Object
8 9 10 |
# File 'lib/account_engine/helper.rb', line 8 def link_to_user(user = current_user) link_to user.fullname, :controller => 'account', :action => 'show' end |