Module: Trust::Controller::TrustInstanceMethods
- Defined in:
- lib/trust/controller.rb
Instance Method Summary collapse
-
#access_control ⇒ Object
Performs the actual access_control.
-
#authorization ⇒ Object
maintains access to the authorization object.
-
#can?(action_name, subject = resource.instance || resource.relation.new, parent = resource.parent) ⇒ Boolean
Tests for current users permissions.
-
#load_resource ⇒ Object
Loads the resource which basically means loading the instance and eventual parent defined through
belongs_to
. -
#properties ⇒ Object
Returns the controller Trust::Controller::Properties.
-
#resource ⇒ Object
Returns the Trust::Controller::Resource resource for the controller.
-
#resource? ⇒ Boolean
Returns true if resource has been loaded.
-
#set_user ⇒ Object
Sets the current user.
Instance Method Details
#access_control ⇒ Object
Performs the actual access_control.
This method is triggered as a callback on before_filter
216 217 218 |
# File 'lib/trust/controller.rb', line 216 def access_control . end |
#authorization ⇒ Object
maintains access to the authorization object
221 222 223 |
# File 'lib/trust/controller.rb', line 221 def @authorization ||= Trust::Authorization.new(action_name, resource) end |
#can?(action_name, subject = resource.instance || resource.relation.new, parent = resource.parent) ⇒ Boolean
Tests for current users permissions.
If access control is not sufficient in controller, you may use this method. Also available as a helper in views.
Examples
+can? :edit+ # does the current user have permission to edit the current resource?
# If there is a nested resource, the parent is automatically associated
+can? :edit, @customer+ # does the current user have permission to edit the given customer?
# Parent is also passed on here.
+can? :edit, @account, @client+ # is current user allowed to edit the account associated with the client?
236 237 238 |
# File 'lib/trust/controller.rb', line 236 def can?(action_name, subject = resource.instance || resource.relation.new, parent = resource.parent) Trust::Authorization.(action_name, subject, parent) end |
#load_resource ⇒ Object
Loads the resource which basically means loading the instance and eventual parent defined through belongs_to
This method is triggered as a callback on before_filter
See Resource for more information
204 205 206 207 208 209 210 211 |
# File 'lib/trust/controller.rb', line 204 def load_resource if resource.new_action? .preload .instance_loaded resource.load # need to set instance on authorizing object else resource.load end end |
#properties ⇒ Object
Returns the controller Trust::Controller::Properties. If no properties are instantiated, it will be instantiated.
Delegated methods
The following methods are delegated to properties. See Trust::Controller::Properties for details
-
belongs_to
- define one or more associations to parents -
actions
- acion definitions outside the restful actions -
model
- Redefine the model used in the controller (if it’s name does not match the controller_path)
170 171 172 |
# File 'lib/trust/controller.rb', line 170 def properties self.class.properties end |
#resource ⇒ Object
Returns the Trust::Controller::Resource resource for the controller.
Available as a helper in views. See Resource for relevant methods.
192 193 194 |
# File 'lib/trust/controller.rb', line 192 def resource @resource ||= Trust::Controller::Resource.new(self, self.class.properties, action_name, params, request) end |
#resource? ⇒ Boolean
Returns true if resource has been loaded
197 198 199 |
# File 'lib/trust/controller.rb', line 197 def resource? !@resource.nil? end |
#set_user ⇒ Object
Sets the current user. It assumes current_user
is defined.
This method is triggered as a callback on before_filter
. You may override this method.
Example
def set_user
Trust::Authorization.user = Thread[:current_user]
end
184 185 186 |
# File 'lib/trust/controller.rb', line 184 def set_user Trust::Authorization.user = current_user end |