Module: ActiveRecordPermissions::Permissions
- Defined in:
- lib/six-updater-web/vendor/plugins/active_scaffold/lib/active_record_permissions.rb
Defined Under Namespace
Modules: ClassMethods
Class Method Summary collapse
Instance Method Summary collapse
-
#authorized_for?(options = {}) ⇒ Boolean
A generic authorization query.
-
#existing_record_check? ⇒ Boolean
Because any class-level queries get delegated to the instance level via a new record, it’s useful to know when the authorization query is meant for a specific record or not.
Class Method Details
.included(base) ⇒ Object
71 72 73 |
# File 'lib/six-updater-web/vendor/plugins/active_scaffold/lib/active_record_permissions.rb', line 71 def self.included(base) base.extend ClassMethods end |
Instance Method Details
#authorized_for?(options = {}) ⇒ Boolean
A generic authorization query. This is what will be called programatically, since the actual permission methods can’t be guaranteed to exist. And because we want to intelligently combine multiple applicable methods.
options should be a CRUD verb (:create, :read, :update, :destroy) options should be the name of a model attribute
81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 |
# File 'lib/six-updater-web/vendor/plugins/active_scaffold/lib/active_record_permissions.rb', line 81 def ( = {}) # AST allowed_actions raise ArgumentError, "unknown action #{[:action]}" if [:action] and !ActiveRecordPermissions.allowed_actions.include?([:action]) # column_authorized_for_action? has priority over other methods, # you can disable an action and enable that action for a column # (for example, disable update and enable inplace_edit in a column) method = column_and_action_security_method([:column], [:action]) return send(method) if method and respond_to?(method) # collect the possibly-related methods that actually exist methods = [ column_security_method([:column]), action_security_method([:action]), ].compact.select {|m| respond_to?(m)} # if any method returns false, then return false return false if methods.any? {|m| !send(m)} # if any method actually exists then it must've returned true, so return true return true unless methods.empty? # if no method exists, return the default permission return ActiveRecordPermissions. end |
#existing_record_check? ⇒ Boolean
Because any class-level queries get delegated to the instance level via a new record, it’s useful to know when the authorization query is meant for a specific record or not. But using new_record? is confusing, even though accurate. So this is basically just a wrapper.
110 111 112 |
# File 'lib/six-updater-web/vendor/plugins/active_scaffold/lib/active_record_permissions.rb', line 110 def existing_record_check? !new_record? end |