Module: CanCanCan::AbstractResourceController
- Extended by:
- ActiveSupport::Concern
- Defined in:
- lib/cancancan/version.rb,
lib/cancancan/configuration.rb,
lib/cancancan_resource_controller.rb,
lib/cancancan/abstract_resource_controller.rb
Defined Under Namespace
Classes: Configuration
Constant Summary collapse
- VERSION =
'1.0.2'
- MAX_ASSOCIATIVE_NESTED_DEPTH =
Used to stop infinite recursion on associations (these may simply be deeply nested structures, or they may be self-referencing).
60
- REGEX_FOR_HTML_TAG_DETECTION =
/.*\<\/?[^_\W]+\>.*/
- DEFAULT_PARAMETER_SANITIZER_ALLOWED_TAGS =
There is probably a better way to do this; if there is, it is poorly documented.
DEFAULT_PARAMETER_SANITIZER_ALLOWED_TAGS - Set this env var to a comma-separated list of additional HTML tags to allow (e.g. label,span,text_area). DEFAULT_PARAMETER_SANITIZER_ALLOWED_ATTRIBS - Set this env var to a comma-separated list of additional HTML attributes to allow (e.g. ng-show,ng-hide,data-id). Entries from either variable are appended to the built-in list, so each one widens what the sanitizer lets through.
( %w[ p div span body b strong br center font label pre tr td table text_area ul li footer em ol i select option ] + (ENV['DEFAULT_PARAMETER_SANITIZER_ALLOWED_TAGS']&.split(',')&.collect(&:strip) || []) ).freeze
- DEFAULT_PARAMETER_SANITIZER_ALLOWED_ATTRIBS =
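Only allow attributes that are acceptable in HTML-friendly text blocks, i.e. NO HREFs! Note that the default list includes style, and that adding a URL-bearing attribute such as href or src through the env var would undo this restriction.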
-
( %w[ style id class type value ] + (ENV['DEFAULT_PARAMETER_SANITIZER_ALLOWED_ATTRIBS']&.split(',')&.collect(&:strip) || []) ).freeze
Class Attribute Summary collapse
-
.configuration ⇒ Object
Returns the value of attribute configuration.
Class Method Summary collapse
Instance Method Summary collapse
- #create ⇒ Object
- #destroy ⇒ Object
- #edit ⇒ Object
- #index ⇒ Object
- #new ⇒ Object
- #show ⇒ Object
- #update ⇒ Object
Class Attribute Details
.configuration ⇒ Object
Returns the value of attribute configuration.
# File 'lib/cancancan_resource_controller.rb', line 12

# Reader for the module-level configuration object.
#
# @return [Object] whatever is currently stored in @configuration
#   (nil if nothing has been assigned yet)
def configuration
  @configuration
end
Class Method Details
.configure {|configuration| ... } ⇒ Object
# File 'lib/cancancan_resource_controller.rb', line 23

# Hands the current configuration object to the caller's block so that its
# settings can be adjusted in place.
#
# @yieldparam configuration [Object] the value returned by +configuration+
# @return [Object] the block's return value
def self.configure
  yield configuration
end
.reset ⇒ Object
# File 'lib/cancancan_resource_controller.rb', line 19

# Discards the stored configuration and replaces it with a freshly built
# Configuration instance.
#
# @return [Configuration] the new configuration object
def self.reset
  @configuration = Configuration.new
end
Instance Method Details
#create ⇒ Object
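# File 'lib/cancancan/abstract_resource_controller.rb', line 110

# Builds a record of @resource_class, hands it together with the cleaned
# request parameters to CanCanCan::AssignmentAndAuthorization, and renders
# the outcome.
#
# The class-level :create permission is checked before anything is built.
# NOTE(review): per-attribute authorization presumably happens inside
# AssignmentAndAuthorization#call, which receives current_ability - confirm there.
def create
  authorize! :create, @resource_class
  # Keep an @resource that was assigned before this action ran; otherwise build one.
  @resource ||= @resource_class.new

  service = CanCanCan::AssignmentAndAuthorization.new(
    current_ability,
    action_name,
    @resource,
    clean_parameter_data(params)
  )

  return respond_with_resource if service.call

  begin
    Rails.logger.warn "Failed object validations: could not create #{@resource_class}, id: #{@resource.id}: #{@resource.errors.full_messages}"
    respond_with_resource_invalid
  rescue StandardError => e
    # StandardError, not Exception: signals, SystemExit and NoMemoryError must
    # propagate instead of being logged and answered as a request error.
    Rails.logger.error "CanCanCanResourceController - Caught Internal Server Error: #{e.class}: #{e.message}"
    Rails.logger.error Rails.backtrace_cleaner.clean(e.backtrace).join("\n").to_s
    respond_with_resource_error
  end
end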
#destroy ⇒ Object
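# File 'lib/cancancan/abstract_resource_controller.rb', line 159

# Looks up the record named by params[:id], destroys it, and renders the
# outcome.
#
# Authorization runs twice: once against the class before the lookup, and
# once against the loaded record before it is destroyed.
def destroy
  authorize! :destroy, @resource_class
  # Keep an @resource that was assigned before this action ran; otherwise load it.
  @resource ||= @resource_class.find(params[:id])
  authorize! :destroy, @resource

  # returning the resource in a pre-destroyed state as a destroy response
  return respond_after_destroy if @resource.destroy

  begin
    Rails.logger.warn "Failed object validations: could not destroy #{@resource_class}, id: #{@resource.id}: #{@resource.errors.full_messages}"
    respond_with_resource_invalid
  rescue StandardError => e
    # StandardError, not Exception: signals, SystemExit and NoMemoryError must
    # propagate instead of being logged and answered as a request error.
    Rails.logger.error "CanCanCanResourceController - Caught Internal Server Error: #{e.class}: #{e.message}"
    Rails.logger.error Rails.backtrace_cleaner.clean(e.backtrace).join("\n").to_s
    respond_with_resource_error
  end
end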
#edit ⇒ Object
# File 'lib/cancancan/abstract_resource_controller.rb', line 102

# Loads the record named by params[:id] for editing and renders it.
#
# The :update permission is checked against the class before the lookup and
# against the loaded record afterwards.
def edit
  authorize! :update, @resource_class

  # Keep an @resource that was assigned before this action ran; otherwise load it.
  @resource ||= @resource_class.find(params[:id])
  authorize! :update, @resource

  respond_with_resource
end
#index ⇒ Object
# File 'lib/cancancan/abstract_resource_controller.rb', line 68

# Lists the records of @resource_class that the current ability may access.
#
# The class-level :index permission is checked first; the collection is then
# narrowed with accessible_by(current_ability) and passed through
# index_resource_query before rendering.
#
# @raise [CanCan::Error] re-raised after logging when accessible_by fails
def index
  authorize! :index, @resource_class

  # Keep an @resources that was assigned before this action ran; otherwise
  # start from the whole class.
  @resources ||= @resource_class

  begin
    @resources = @resources.accessible_by(current_ability)
  rescue CanCan::Error
    # The accessible_by call cannot be used with a block 'can' definition
    # Need to switch over to SQL permissions, not using the blocks
    Rails.logger.error "Error: resource class, #{@resource_class.name}, is using CanCan block definitions, not SQL permissions. Unable to run index permission filter"
    # Re-raise so the unfiltered collection is never rendered.
    raise
  end

  @resources = index_resource_query(@resources)
  respond_with_resources
end
#new ⇒ Object
# File 'lib/cancancan/abstract_resource_controller.rb', line 95

# Builds an unsaved record of @resource_class and renders it.
#
# The class-level :create permission is checked before the record is built.
def new
  authorize! :create, @resource_class

  # Keep an @resource that was assigned before this action ran; otherwise build one.
  @resource ||= @resource_class.new

  respond_with_resource
end
#show ⇒ Object
# File 'lib/cancancan/abstract_resource_controller.rb', line 86

# Loads the record named by params[:id] and renders it.
#
# The :show permission is checked against the class before the lookup and
# against the loaded record afterwards.
def show
  authorize! :show, @resource_class

  # Allow @resource to be set from subclass controller
  @resource ||= @resource_class.find(params[:id])
  authorize! :show, @resource

  respond_with_resource
end
#update ⇒ Object
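# File 'lib/cancancan/abstract_resource_controller.rb', line 135

# Loads the record named by params[:id], hands it together with the cleaned
# request parameters to CanCanCan::AssignmentAndAuthorization, and renders
# the outcome.
#
# The class-level :update permission is checked before the lookup.
# NOTE(review): unlike edit, there is no authorize! on the loaded record here;
# record-level authorization presumably happens inside
# AssignmentAndAuthorization#call, which receives current_ability - confirm there.
def update
  authorize! :update, @resource_class
  # Keep an @resource that was assigned before this action ran; otherwise load it.
  @resource ||= @resource_class.find(params[:id])

  service = CanCanCan::AssignmentAndAuthorization.new(
    current_ability,
    action_name,
    @resource,
    clean_parameter_data(params)
  )

  return respond_with_resource if service.call

  begin
    Rails.logger.warn "Failed object validations: could not update #{@resource_class}, id: #{@resource.id}: #{@resource.errors.full_messages}"
    # NOTE(review): create and destroy answer a failed save with
    # respond_with_resource_invalid; this branch uses respond_with_resource_error.
    # Left as is - confirm whether the difference is intended.
    respond_with_resource_error
  rescue StandardError => e
    # StandardError, not Exception: signals, SystemExit and NoMemoryError must
    # propagate instead of being logged and answered as a request error.
    Rails.logger.error "CanCanCanResourceController - Caught Internal Server Error: #{e.class}: #{e.message}"
    Rails.logger.error Rails.backtrace_cleaner.clean(e.backtrace).join("\n").to_s
    respond_with_resource_error
  end
end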