Module: RestfulAclController::ClassMethods

Defined in:
lib/restful_acl_controller.rb

Instance Method Summary

Instance Method Details

#has_permission? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/restful_acl_controller.rb', line 10

# Authorization gate for the current request: asks the model that matches this
# controller whether current_user may perform params[:action].
#
# Administrators bypass every model-level check. For everyone else the decision
# is delegated to the model's is_*_by methods, and permission_denied is invoked
# when the model's answer is falsy.
#
# Security notes for maintainers:
# * Enforcement relies on permission_denied, routing_error and raise_error
#   (defined elsewhere) actually stopping the request -- TODO confirm each one
#   halts the action rather than only logging.
# * A failure inside get_mom is swallowed and the check continues with a nil
#   parent, so model permission methods should not treat a nil parent as
#   implicit approval.
# * Any NoMethodError raised inside the block is reported as a
#   misconfiguration. That includes one raised from within a model's own
#   permission method, and the one produced when a member action (show, edit,
#   update, destroy) arrives without an :id and object is therefore nil.
#
# @return [Boolean] true for administrators; on every other path the value is
#   whatever the last helper returned (nil when access is granted), so callers
#   should not rely on it as a strict boolean
def has_permission?
  # Administrator short-circuit sits outside the rescue block on purpose:
  # errors raised by administrator? itself are not swallowed.
  return true if administrator?

  begin
    # The model class is resolved from the controller's own name.
    klass = self.controller_name.classify.constantize

    requested_id = params[:id]
    object = nil
    parent = nil

    if requested_id
      # Member route: load the record, then try to resolve its parent.
      object = klass.find(requested_id)
      parent =
        begin
          object.get_mom
        rescue StandardError
          # Best effort only: the check below proceeds with parent == nil.
          nil
        end
    elsif klass.has_parent?
      # Collection route: the parent can only come from the request URI.
      parent = get_parent_from_request_uri(klass)
    end

    # The model has the final say on what is acceptable.
    allowed =
      case params[:action]
      when "index"
        klass.is_indexable_by(current_user, parent)
      when "new", "create"
        klass.is_creatable_by(current_user, parent)
      when "show"
        object.is_readable_by(current_user, parent)
      when "edit", "update"
        object.is_updatable_by(current_user, parent)
      when "destroy"
        object.is_deletable_by(current_user, parent)
      else
        # Non-RESTful actions are decided by a helper defined elsewhere;
        # NOTE(review): confirm it denies actions it does not recognise.
        check_non_restful_route(current_user, klass, object, parent)
      end

    permission_denied unless allowed
  rescue NoMethodError => e
    # Misconfiguration: a RESTful_ACL specific method is missing.
    raise_error(klass, e)
  rescue StandardError
    # Failsafe for every other error (including a failed find): hand off to
    # routing_error, which is meant to log and redirect.
    routing_error
  end
end