Module: Petergate::ActionController::Base

Included in:
ActionController::Base
Defined in:
lib/petergate/action_controller/base.rb

Defined Under Namespace

Modules: ClassMethods

Constant Summary collapse

# The seven conventional REST action names, as symbols.
# NOTE(review): presumably the list behind all_actions / except_actions, which are not shown here — confirm.
# NOTE(review): shown unfrozen here; if the source does not freeze it, any holder of the array can mutate the action list.
ALLRESTDEP =
[:show, :index, :new, :edit, :update, :create, :destroy]

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.included(base) ⇒ Object



# File 'lib/petergate/action_controller/base.rb', line 56

# Mixin hook: wires the access check into the including controller class.
#
# Extends +base+ with ClassMethods, exposes #logged_in? and #forbidden! to
# views, and installs a before filter that runs on every action.
#
# Filter behaviour, as written:
# * users for whom logged_in?(:root_admin) is truthy skip the check entirely;
# * a controller that defines no +check_access+ is treated as allowed
#   (default-allow), so a controller without rules is left unprotected;
# * only +false+ or a String verdict denies the request; any other value,
#   including +nil+, lets the request through.
#
# @param base [Class] the controller class including this module
def self.included(base)
  base.extend(ClassMethods)
  base.helper_method :logged_in?, :forbidden!
  base.before_filter do
    # Root admins bypass every rule.
    next if logged_in?(:root_admin)

    verdict = defined?(check_access) ? check_access : true
    denied = verdict == false || verdict.is_a?(String)
    next unless denied

    # An identified user is forbidden (403 / redirect); an anonymous one is
    # asked to authenticate (401 / sign-in).
    if current_user || @user
      forbidden! verdict
    else
      unauthorized!
    end
  end
end

Instance Method Details

#custom_message ⇒ Object



# File 'lib/petergate/action_controller/base.rb', line 105

# Text used for the "access denied" flash notice.
#
# Uses the controller class's +controller_message+ when the class responds to
# it, otherwise the fixed default. The class-level value is returned as-is,
# so a +nil+ from +controller_message+ yields +nil+ here.
#
# @return [Object] the class-level message, or 'Permission Denied'
def custom_message
  return 'Permission Denied' unless defined?(self.class.controller_message)

  self.class.controller_message
end

#forbidden!(msg = nil) ⇒ Object



# File 'lib/petergate/action_controller/base.rb', line 118

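# Responds to a request that failed the access check.
#
# :js, :json and :xml requests get an empty 403 response. HTML requests are
# redirected with a flash notice: a signed-in user goes back to the referring
# page when that page belongs to this application, otherwise to +current_user+;
# without a user the redirect goes to +root_path+.
#
# @param msg [String, false, nil] notice text; a falsy value falls back to
#   #custom_message
def forbidden!(msg = nil)
  respond_to do |format|
    format.any(:js, :json, :xml) { render nothing: true, status: :forbidden }
    format.html do
      destination =
        if current_user.present?
          # The Referer header is supplied by the client. Follow it only when
          # it stays on this application's own origin; redirecting to any
          # referrer would make this action an open redirect to whichever
          # site linked to the forbidden page.
          origin = request.base_url
          referrer = request.referrer
          same_origin = referrer && (referrer == origin || referrer.start_with?("#{origin}/"))
          same_origin ? referrer : current_user
        else
          root_path
        end
      redirect_to destination, notice: (msg || custom_message)
    end
  end
end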

#logged_in?(*roles) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/petergate/action_controller/base.rb', line 101

# Whether there is a current user holding the given roles.
#
# Returns the falsy +current_user+ value itself (e.g. +nil+) when nobody is
# signed in; otherwise whatever +has_roles?+ answers for +roles+.
# NOTE(review): the result for an empty +roles+ list depends entirely on
# +has_roles?+, which is not shown here — confirm it does not grant access.
#
# @param roles [Array<Symbol>] roles passed through to +has_roles?+
# @return [Boolean, nil]
def logged_in?(*roles)
  user = current_user
  user && user.has_roles?(*roles)
end

#parse_permission_rules(rules) ⇒ Object



# File 'lib/petergate/action_controller/base.rb', line 73

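# Normalises a permission rule set into a flat { role => actions } hash.
#
# Each value may be:
# * +:all+                    — replaced by +self.class.all_actions+
# * a Hash with +:except+     — replaced by +self.class.except_actions(...)+
# * an Array                  — used as the action list unchanged
# Anything else raises, so a malformed rule never parses into a grant.
#
# A key may be a single role or an Array of roles; an Array key is expanded
# so every listed role maps to the same action list. Later entries overwrite
# earlier ones for the same role.
#
# Values are matched by type (+case+ on the object) rather than by class
# name, so subclasses of Hash and Array are accepted too.
#
# @param rules [Hash] role (or Array of roles) => :all, { except: [...] } or Array
# @return [Hash] role => action list
# @raise [RuntimeError] when a value is not one of the accepted shapes
def parse_permission_rules(rules)
  rules.each_with_object({}) do |(roles, spec), parsed|
    actions =
      case spec
      when Symbol
        raise("No action for: #{spec}") unless spec == :all

        self.class.all_actions
      when Hash
        raise("Invalid values for except: #{spec.values}") unless spec[:except].present?

        self.class.except_actions(spec[:except])
      when Array
        spec
      else
        raise("No action for: #{spec}")
      end

    # Allows an Array of roles as the key for one shared action list.
    role_keys = roles.is_a?(Array) ? roles : [roles]
    role_keys.each { |role| parsed[role] = actions }
  end
end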

#permissions(rules = {all: [:index, :show], customer: [], wiring: []}) ⇒ Object



# File 'lib/petergate/action_controller/base.rb', line 92

# Decides whether the current action is permitted by +rules+.
#
# The actions listed under +:all+ always count. The actions listed under each
# of the current user's roles count only when logged_in?(:user) is truthy.
# Roles with no entry in +rules+ contribute nothing, so an unknown role is
# denied rather than granted.
#
# @param rules [Hash] rule set accepted by #parse_permission_rules
# @return [Boolean] true when +action_name+ is among the allowed actions
def permissions(rules = {all: [:index, :show], customer: [], wiring: []})
  parsed = parse_permission_rules(rules)
  granted = [parsed[:all]]
  granted.concat(current_user.roles.map { |role| parsed[role] }) if logged_in?(:user)
  granted.flatten.compact.include?(action_name.to_sym)
end

#unauthorized! ⇒ Object



# File 'lib/petergate/action_controller/base.rb', line 109

# Responds to a denied request when no user is identified.
#
# :js, :json and :xml requests get an empty 401 response; HTML requests are
# handed to +authenticate_user!+.
# NOTE(review): +authenticate_user!+ is not defined on this page; presumably
# supplied by the host application's authentication layer — confirm.
def unauthorized!
  respond_to do |responder|
    responder.any(:js, :json, :xml) do
      render nothing: true, status: :unauthorized
    end
    responder.html { authenticate_user! }
  end
end