Module: RequirePermissions::ClassMethods

Defined in:
lib/require_permissions.rb

Instance Method Summary collapse

Instance Method Details

#require_permissions(options = {}) ⇒ Object 



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
 
# File 'lib/require_permissions.rb', line 9

def require_permissions(options = {})
  method = options.delete(:method)
  method ||= :editable_by?

  redirect = options.delete(:redirect)
  redirect ||= nil

  success = options.delete(:success)
  success ||= lambda {}

  failure = options.delete(:failure)
  failure ||= lambda {
    if redirect
      flash[:error] = t("permissions.not_authorised_error") #You were not authorised to see that page
      redirect_to case redirect
                  when Symbol then self.send(redirect)
                  when Proc then instance_eval &redirect
                  else redirect
                  end
    else
      raise Exceptions::UnathorizedAccess
    end
  }

  options.each do |model, actions|
    actions = {:only => Array(actions)} unless actions.kind_of? Hash

    _method = actions.delete(:method) || method
    _method = _method.to_s

    _success = actions.delete(:success) || success
    _failure = actions.delete(:failure) || failure

    negative = _method.gsub!(/^\!/, '') ? true : false
    name = :"require_#{model}_permissions_#{rand}"
    define_method(name) do
      target = instance_variable_get("@#{model}")
      return false unless target

      condition = case target.method(_method).arity
                  when 1, -1
                    target.send(_method.to_sym, current_user)
                  when -2
                    target.send(_method.to_sym, current_user, params[model])
                  else
                    raise ArgumentError, "#{target.class.name}##{_method} takes incorrect number of arguments (#{target.method(_method).arity}) - only 1 or -2 allowed."
                  end
      condition = negative ? !condition : condition
      if condition
        instance_eval &_success
      else
        instance_eval &_failure
      end
      return condition
    end
    before_filter name, actions
  end
end

#require_visibility(options = {}) ⇒ Object 



68
69
70
 
# File 'lib/require_permissions.rb', line 68

def require_visibility(options = {})
  require_permissions({:method => :visible_to?}.merge(options))
end