Module: ActiveSecurity::Scoped
- Defined in:
- lib/active_security/scoped.rb
Overview
## Required Scope
The Scoped module allows ActiveSecurity to enforce querying within a scope.
This allows, for example:
class Restaurant < ActiveRecord::Base
extend ActiveSecurity
belongs_to :city
active_security use: :scoped, scope: :city
end
class City < ActiveRecord::Base
extend ActiveSecurity
has_many :restaurants
end
City.find_by(name: "seattle").restaurants.restricted.find(23)
City.find_by(name: "chicago").restaurants.restricted.find(23)
The value for the ‘:scope` option can be the name of a `belongs_to` relation, or a column.
Additionally, the ‘:scope` option can receive an array of scope values:
class Cuisine < ActiveRecord::Base
extend ActiveSecurity
has_many :restaurants
end
class City < ActiveRecord::Base
extend ActiveSecurity
has_many :restaurants
end
class Restaurant < ActiveRecord::Base
extend ActiveSecurity
belongs_to :city
active_security use: :scoped, scope: [:city, :cuisine]
end
All supplied values will be used to determine scope.
### Finding Records
It’s best to query through the relation:
@city.restaurants.restricted.find(23)
Alternatively, you could pass the scope value as a query parameter:
Restaurant.where(city_id: @city.id).restricted.find(23)
Defined Under Namespace
Modules: Configuration
Class Method Summary collapse
-
.included(model_class) ⇒ Object
Sets up behavior and configuration options for scoped feature.
Class Method Details
.included(model_class) ⇒ Object
Sets up behavior and configuration options for scoped feature.
62 63 64 65 66 |
# File 'lib/active_security/scoped.rb', line 62 def included(model_class) model_class.class_eval do active_security_config.class.send(:include, Configuration) end end |