Module: Authorize::ActionController::InstanceMethods

Defined in:

lib/authorize/action_controller.rb

Instance Method Summary

• #permit(authorization_hash, options = {}) ⇒ Object

  Allow method-level authorization checks.

• #permit?(authorization_hash, options = {}) ⇒ Boolean

  Simple predicate for authorization.

Instance Method Details

#permit(authorization_hash, options = {}) ⇒ Object

Allow method-level authorization checks. permit (without a trailing question mark) invokes the callback “handle_authorization_failure” by default. Specify :callback => false to turn off callbacks.

# File 'lib/authorize/action_controller.rb', line 41

def permit(authorization_hash, options = {})
  options = {:callback => :handle_authorization_failure}.merge(options)
  callback = options.delete(:callback)
  if permit?(authorization_hash, options)
    yield if block_given?
  else
    __send__(callback) if callback
  end
end

#permit?(authorization_hash, options = {}) ⇒ Boolean

Simple predicate for authorization.

Returns:

• (Boolean)

# File 'lib/authorize/action_controller.rb', line 28

def permit?(authorization_hash, options = {})
  authorization_hash.any? do |(modes, resource)|
    request_mask = Authorize::Permission::Mask[modes]
    roles = options[:roles] || self.roles
    Authorize::Permission.over(resource).as(roles).permit?(request_mask).tap do |authorized|
      Rails.logger.debug("Authorization check: #{authorized ? '✔' : '✖'} #{request_mask}")
    end
  end
end