Class: ActionController::Permitter

Inherits:

Object

• Object
• ActionController::Permitter

Defined in:

lib/action_controller/permitter.rb

Class Method Summary

• .inherited(subclass) ⇒ Object

  When Permitter is inherited, it sets the resource (the symbol for params.require(some_sym)) to the unnamespaced model class that corresponds to the Permitter’s classname, e.g.

• .permit(*args) ⇒ Object
• .resource(name) ⇒ Object
• .resource_name ⇒ Object
• .scope(name) ⇒ Object

Instance Method Summary

• #authorize!(*args, &block) ⇒ Object
• #initialize(params, user, authorizer = nil) ⇒ Permitter constructor

  A new instance of Permitter.

• #permitted_params ⇒ Object
• #resource_name ⇒ Object

Constructor Details

#initialize(params, user, authorizer = nil) ⇒ Permitter

Returns a new instance of Permitter.

# File 'lib/action_controller/permitter.rb', line 53

def initialize(params, user, authorizer = nil)
  @params, @user, @authorizer = params, user, authorizer
end

Class Method Details

.inherited(subclass) ⇒ Object

When Permitter is inherited, it sets the resource (the symbol for params.require(some_sym)) to the unnamespaced model class that corresponds to the Permitter’s classname, e.g. by default A::B::ApplesController will use A::B::ApplePermitter which will do params.permit(:apple). To change this value, use the ‘resource` class method.

# File 'lib/action_controller/permitter.rb', line 15

def inherited(subclass)
  subclass.class_eval do
    class_attribute :permitted_attributes, :resource_name_override
    private_class_method :resource_name_override, :resource_name_override=

    self.permitted_attributes = []
  end
end

.permit(*args) ⇒ Object

# File 'lib/action_controller/permitter.rb', line 24

def permit(*args)
  options = args.extract_options!

  args.each do |name|
    self.permitted_attributes += [ActionController::PermitterAttribute.new(name, options)]
  end
end

.resource(name) ⇒ Object

# File 'lib/action_controller/permitter.rb', line 38

def resource(name)
  self.resource_name_override = name
end

.resource_name ⇒ Object

# File 'lib/action_controller/permitter.rb', line 42

def resource_name
  name = self.name

  # in Rails 3.2+ could do:
  # name.demodulize.chomp('Permitter').underscore.to_sym
  # Rails < 3.2
  last_index = name.rindex('::')
  resource_name_override || (last_index ? name[(last_index+2)..-1] : name).chomp('Permitter').underscore.to_sym
end

.scope(name) ⇒ Object

# File 'lib/action_controller/permitter.rb', line 32

def scope(name)
  with_options :scope => name do |nested|
    yield nested
  end
end

Instance Method Details

#authorize!(*args, &block) ⇒ Object

# File 'lib/action_controller/permitter.rb', line 86

def authorize!(*args, &block)
  # implementing here is clearer than doing a delegate :authorize!, :to => :authorizer, imo.
  authorizer ? authorizer.__send__(:authorize!, *args, &block) : nil
end

#permitted_params ⇒ Object

# File 'lib/action_controller/permitter.rb', line 57

def permitted_params
  scopes = {}
  unscoped_attributes = []

  permitted_attributes.each do |attribute|
    scope_name = attribute.options[:scope]
    (scope_name ? (scopes[scope_name] ||= []) : unscoped_attributes) << attribute.name
  end

  # class_attribute creates an instance method called resource_name, which we'll allow overriding of in the permitter definition, if desired for some odd reason.
  @filtered_params ||= params.require(resource_name).permit(*unscoped_attributes, scopes)

  permitted_attributes.select {|a| a.options[:authorize]}.each do |attribute|
    scope_name = attribute.options[:scope]
    values = scope_name ? Array.wrap(@filtered_params[scope_name]).collect {|hash| hash[attribute.name]}.compact : Array.wrap(@filtered_params[attribute.name])
    klass_name = attribute.options[:as].try(:to_s) || attribute.name.to_s.split(/(.+)_ids?/)[1]
    raise PermitterError.new("Cannot permit #{attribute.name.inspect} unless you specify the the attribute name (e.g. :something_id or :something_ids), or a class name via the :as option (e.g. :as => Something)") unless klass_name
    klass = klass_name.classify.constantize

    values.each do |record_id|
      record = klass.find record_id
      permission = attribute.options[:authorize].to_sym || :read
      authorize! permission, record
    end
  end

  @filtered_params
end

#resource_name ⇒ Object

# File 'lib/action_controller/permitter.rb', line 91

def resource_name
  self.class.resource_name
end