Module: Authorization::AuthorizationInController
- Defined in:
- lib/declarative_authorization/in_controller.rb
Defined Under Namespace
Modules: ClassMethods
Constant Summary collapse
- DEFAULT_DENY =
false
Class Method Summary collapse
-
.included(base) ⇒ Object
:nodoc:.
Instance Method Summary collapse
-
#authorization_engine ⇒ Object
Returns the Authorization::Engine for the current controller.
-
#has_role?(*roles, &block) ⇒ Boolean
While permitted_to? is used for authorization, in some cases content should only be shown to some users without being concerned with authorization.
-
#has_role_with_hierarchy?(*roles, &block) ⇒ Boolean
As has_role? except checks all roles included in the role hierarchy.
-
#permitted_to!(privilege, object_or_sym = nil) ⇒ Object
Works similar to the permitted_to? method, but doesn’t accept a block and throws the authorization exceptions, just like Engine#permit!.
-
#permitted_to?(privilege, object_or_sym = nil, &block) ⇒ Boolean
If the current user meets the given privilege, permitted_to? returns true and yields to the optional block.
Class Method Details
.included(base) ⇒ Object
:nodoc:
7 8 9 10 11 |
# File 'lib/declarative_authorization/in_controller.rb', line 7 def self.included(base) # :nodoc: base.extend(ClassMethods) base.hide_action :authorization_engine, :permitted_to?, :permitted_to! end |
Instance Method Details
#authorization_engine ⇒ Object
Returns the Authorization::Engine for the current controller.
16 17 18 |
# File 'lib/declarative_authorization/in_controller.rb', line 16 def @authorization_engine ||= Authorization::Engine.instance end |
#has_role?(*roles, &block) ⇒ Boolean
While permitted_to? is used for authorization, in some cases content should only be shown to some users without being concerned with authorization. E.g. to only show the most relevant menu options to a certain group of users. That is what has_role? should be used for.
63 64 65 66 67 68 69 70 |
# File 'lib/declarative_authorization/in_controller.rb', line 63 def has_role? (*roles, &block) user_roles = .roles_for(current_user) result = roles.all? do |role| user_roles.include?(role) end yield if result and block_given? result end |
#has_role_with_hierarchy?(*roles, &block) ⇒ Boolean
As has_role? except checks all roles included in the role hierarchy
73 74 75 76 77 78 79 80 |
# File 'lib/declarative_authorization/in_controller.rb', line 73 def has_role_with_hierarchy?(*roles, &block) user_roles = .roles_with_hierarchy_for(current_user) result = roles.all? do |role| user_roles.include?(role) end yield if result and block_given? result end |
#permitted_to!(privilege, object_or_sym = nil) ⇒ Object
Works similar to the permitted_to? method, but doesn’t accept a block and throws the authorization exceptions, just like Engine#permit!
45 46 47 48 49 50 51 52 53 54 55 56 57 |
# File 'lib/declarative_authorization/in_controller.rb', line 45 def permitted_to! (privilege, object_or_sym = nil) context = object = nil if object_or_sym.is_a?(Symbol) context = object_or_sym else object = object_or_sym end .permit!(privilege, {:user => current_user, :object => object, :context => context, :skip_attribute_test => object.nil?}) end |
#permitted_to?(privilege, object_or_sym = nil, &block) ⇒ Boolean
If the current user meets the given privilege, permitted_to? returns true and yields to the optional block. The attribute checks that are defined in the authorization rules are only evaluated if an object is given for context.
See examples for Authorization::AuthorizationHelper #permitted_to?
27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 |
# File 'lib/declarative_authorization/in_controller.rb', line 27 def permitted_to? (privilege, object_or_sym = nil, &block) context = object = nil if object_or_sym.is_a?(Symbol) context = object_or_sym else object = object_or_sym end # TODO infer context also from self.class.name .permit?(privilege, {:user => current_user, :object => object, :context => context, :skip_attribute_test => object.nil?}, &block) end |