9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
# File 'lib/require_permissions.rb', line 9
def require_permissions(options = {})
method = options.delete(:method)
method ||= :editable_by?
redirect = options.delete(:redirect)
redirect ||= nil
success = options.delete(:success)
success ||= lambda {}
failure = options.delete(:failure)
failure ||= lambda {
if redirect
flash[:error] = t("permissions.not_authorised_error") redirect_to case redirect
when Symbol then self.send(redirect)
when Proc then instance_eval &redirect
else redirect
end
else
raise Exceptions::UnathorizedAccess
end
}
options.each do |model, actions|
actions = {:only => actions} if actions.kind_of? Array
_method = actions.delete(:method) || method
_method = _method.to_s
_success = actions.delete(:success) || success
_failure = actions.delete(:failure) || failure
negative = _method.gsub!(/^\!/, '') ? true : false
name = :"require_#{model}_permissions_#{rand}"
define_method(name) do
target = instance_variable_get("@#{model}")
return false unless target
condition = target.send(_method.to_sym, current_user)
condition = negative ? !condition : condition
if condition
instance_eval &_success
else
instance_eval &_failure
end
return condition
end
before_filter name, actions
end
end
|