Module: Trust::Controller::TrustInstanceMethods

Defined in:
lib/trust/controller.rb

Instance Method Summary collapse

Instance Method Details

#access_controlObject

Performs the actual access_control.

This method is triggered as a callback on before_filter



216
217
218
 
# File 'lib/trust/controller.rb', line 216

def access_control
  authorization.authorize!
end

#authorizationObject

maintains access to the authorization object



221
222
223
 
# File 'lib/trust/controller.rb', line 221

def authorization
  @authorization ||= Trust::Authorization.new(action_name, resource)
end

#can?(action_name, subject = resource.instance || resource.relation.new, parent = resource.parent) ⇒ Boolean

Tests for current users permissions.

If access control is not sufficient in controller, you may use this method. Also available as a helper in views.

Examples

+can? :edit+                          # does the current user have permission to edit the current resource? 
                                      # If there is a nested resource, the parent is automatically associated
+can? :edit, @customer+               # does the current user have permission to edit the given customer? 
                                      # Parent is also passed on here.
+can? :edit, @account, @client+       # is current user allowed to edit the account associated with the client?

Returns:

  • (Boolean) 


236
237
238
 
# File 'lib/trust/controller.rb', line 236

def can?(action_name, subject = resource.instance || resource.relation.new, parent = resource.parent)
  Trust::Authorization.authorized?(action_name, subject, parent)
end

#load_resourceObject

Loads the resource which basically means loading the instance and eventual parent defined through belongs_to

This method is triggered as a callback on before_filter See Resource for more information



204
205
206
207
208
209
210
211
 
# File 'lib/trust/controller.rb', line 204

def load_resource
  if resource.new_action?
    authorization.preload
    authorization.instance_loaded resource.load # need to set instance on authorizing object
  else
    resource.load
  end
end

#propertiesObject

Returns the controller Trust::Controller::Properties. If no properties are instantiated, it will be instantiated.

Delegated methods

The following methods are delegated to properties. See Trust::Controller::Properties for details

  • belongs_to - define one or more associations to parents

  • actions - acion definitions outside the restful actions

  • model - Redefine the model used in the controller (if it’s name does not match the controller_path)



170
171
172
 
# File 'lib/trust/controller.rb', line 170

def properties
  self.class.properties
end

#resourceObject

Returns the Trust::Controller::Resource resource for the controller.

Available as a helper in views. See Resource for relevant methods.



192
193
194
 
# File 'lib/trust/controller.rb', line 192

def resource
  @resource ||= Trust::Controller::Resource.new(self, self.class.properties, action_name, params, request)
end

#resource?Boolean

Returns true if resource has been loaded

Returns:

  • (Boolean) 


197
198
199
 
# File 'lib/trust/controller.rb', line 197

def resource?
  !@resource.nil?
end

#set_userObject

Sets the current user. It assumes current_user is defined.

This method is triggered as a callback on before_filter. You may override this method.

Example

def set_user
  Trust::Authorization.user = Thread[:current_user]
end



184
185
186
 
# File 'lib/trust/controller.rb', line 184

def set_user
  Trust::Authorization.user = current_user
end