Module: Petergate::ControllerMethods

Included in:
ActionController::Base
Defined in:
lib/petergate.rb

Defined Under Namespace

Modules: ClassMethods

Constant Summary

# The seven conventional REST action names, as symbols.
# NOTE(review): none of the methods shown on this page reference this
# constant; confirm whether anything still uses it.
ALLRESTDEP = [
  :show,
  :index,
  :new,
  :edit,
  :update,
  :create,
  :destroy
]

Class Method Summary

Instance Method Summary

Class Method Details

.included(base) ⇒ Object



# File 'lib/petergate.rb', line 48

# Hook invoked when this module is mixed into a controller class. It extends
# the class with ClassMethods, exposes logged_in? to views as a helper, and
# registers a before_filter that decides whether the request may proceed.
#
# Filter outcome, as written:
# * logged_in?(:admin) is truthy      -> no further check; request continues.
# * check_access is not defined       -> verdict defaults to true; continues.
# * verdict is false or a String      -> denied (String doubles as the notice).
# * any other verdict (true, nil, ...) -> request continues.
#
# NOTE(review): the filter fails open. A controller that never defines
# check_access, or whose check_access returns nil, is reachable by every
# caller. Confirm that default is intended before relying on this filter as
# the only authorization layer.
def self.included(base)
  base.extend(ClassMethods)
  base.helper_method :logged_in?

  base.before_filter do
    # Admins bypass the per-controller check entirely.
    next if logged_in?(:admin)

    verdict = defined?(check_access) ? check_access : true
    denied = verdict.is_a?(String) || verdict == false
    next unless denied

    if user_signed_in?
      respond_to do |format|
        # Non-HTML clients receive an empty body with HTTP 403.
        format.any(:js, :json, :xml) { render nothing: true, status: :forbidden }
        format.html do
          # NOTE(review): request.referrer is read from the client-supplied
          # Referer header, so the redirect target is not guaranteed to be a
          # URL on this site. Consider accepting it only when its host matches
          # the application's, and falling back to a fixed path otherwise.
          destination = request.referrer || current_user
          redirect_to destination, :notice => verdict || "Permission Denied"
        end
      end
    else
      # Not signed in: hand over to the authentication layer
      # (presumably Devise's authenticate_user! -- confirm).
      authenticate_user!
    end
  end
end

Instance Method Details

#logged_in?(*roles) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/petergate.rb', line 103

# Tells whether a user is signed in and holds at least one of the given roles.
#
# The match is an Array intersection, which compares elements with
# eql?/hash: :admin and "admin" are different values.
# NOTE(review): confirm current_user.roles yields the same element type the
# callers pass (the access filter passes the symbol :admin).
#
# @param roles [Array] role identifiers to look for
# @return [Boolean, nil] true/false for a signed-in user; the falsy
#   current_user value itself when nobody is signed in. With no roles given
#   the result is false.
def logged_in?(*roles)
  user = current_user
  return user unless user

  held = roles & user.roles
  held.any?
end

#parse_permission_rules(rules) ⇒ Object



# File 'lib/petergate.rb', line 70

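# Normalises a permission rule set into a Hash of role => Array of actions.
#
# Accepted value per key:
# * Array             - used as given.
# * :all              - every controller action except :check_access and :title.
# * {except: [...]}   - every such action minus the listed ones.
# A key may be a single role or an Array of roles that share one value.
#
# Entries under :except are converted to symbols before the subtraction.
# The action list is symbolised, so a string entry such as "destroy" would
# otherwise remove nothing and the action would stay permitted. A single
# value (except: :destroy) is accepted as a one-element list.
#
# NOTE(review): :all and {except: ...} grant by exclusion. An action added to
# the controller later becomes permitted for that role without any rule
# change. Prefer explicit Arrays where that matters.
#
# @param rules [Hash] role (or Array of roles) => Array, :all, or {except: ...}
# @return [Hash] role => Array of action names
# @raise [RuntimeError] for a Symbol other than :all, a Hash without a
#   non-blank :except, or any other value type
def parse_permission_rules(rules)
  # Evaluated only for :all / :except rules, as in the original.
  grantable = lambda do
    self.action_methods.to_a.map(&:to_sym) - [:check_access, :title]
  end

  rules.each_with_object({}) do |(k, v), expanded|
    actions = case v
              when Symbol
                raise("No action for: #{v}") unless v == :all
                grantable.call
              when Hash
                raise("Invalid values for except: #{v.values}") unless v[:except].present?
                grantable.call - Array(v[:except]).map(&:to_sym)
              when Array
                v
              else
                raise("No action for: #{v}")
              end

    # Allows an Array of keys to share the same value.
    roles = k.is_a?(Array) ? k : [k]
    roles.each { |role| expanded[role] = actions }
  end
end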

#permissions(rules = {all: [:index, :show], customer: [], wiring: []}) ⇒ Object



# File 'lib/petergate.rb', line 89

# Decides whether the current action (params[:action]) is permitted under
# the given rules. Checks run in this order and the first match wins:
#   1. action listed under :all  -> true
#   2. action listed under :user -> true only when a user is signed in
#   3. action listed under the signed-in user's role (or under :all again
#      when nobody is signed in) -> true
# Anything else is denied (false).
#
# NOTE(review): the role lookup reads current_user.role (singular), while
# logged_in? reads current_user.roles. Confirm the user model provides both
# and that role is never nil here, since nil.to_sym would raise.
# NOTE(review): the default rules carry :customer and :wiring keys, which
# look application-specific; callers presumably pass their own rules.
#
# @param rules [Hash] rule set in the format parse_permission_rules accepts
# @return [Boolean] whatever user_signed_in? returns in case 2, else true/false
def permissions(rules = {all: [:index, :show], customer: [], wiring: []})
  allowed = parse_permission_rules(rules)
  action = params[:action].to_sym

  # === mirrors the matching a case/when performs; a missing key lists nothing.
  listed = lambda do |key|
    Array(allowed[key]).any? { |entry| entry === action }
  end

  return true if listed.call(:all)
  return user_signed_in? if listed.call(:user)

  role_key = user_signed_in? ? current_user.role.to_sym : :all
  listed.call(role_key)
end