Module: CanCan::ControllerAdditions::ClassMethods

Defined in:
lib/cancan/controller_additions.rb

Instance Method Summary collapse

Instance Method Details

#authorize_resource(options = {}) ⇒ Object

Sets up a before filter which authorizes the current resource using the instance variable. For example, if you have an ArticlesController it will check the @article instance variable and ensure the user can perform the current action on it. Under the hood it is doing something like the following.

unauthorized! if cannot?(params[:action].to_sym, @article || Article)

Call this method directly on the controller class.

class BooksController < ApplicationController
  authorize_resource
end

See load_and_authorize_resource to automatically load the resource too.

Options:

:only

Only applies before filter to given actions.

:except

Does not apply before filter to given actions.

:class

The class to use for the model.



108
109
110
 
# File 'lib/cancan/controller_additions.rb', line 108

def authorize_resource(options = {})
  before_filter(options.slice(:only, :except)) { |c| ResourceAuthorization.new(c, c.params, options.except(:only, :except)).authorize_resource }
end

#load_and_authorize_resource(options = {}) ⇒ Object

Sets up a before filter which loads and authorizes the current resource. This performs both load_resource and authorize_resource and accepts the same arguments. See those methods for details.

class BooksController < ApplicationController
  load_and_authorize_resource
end



14
15
16
 
# File 'lib/cancan/controller_additions.rb', line 14

def load_and_authorize_resource(options = {})
  before_filter(options.slice(:only, :except)) { |c| ResourceAuthorization.new(c, c.params, options.except(:only, :except)).load_and_authorize_resource }
end

#load_resource(options = {}) ⇒ Object

Sets up a before filter which loads the appropriate model resource into an instance variable. For example, given an ArticlesController it will load the current article into the @article instance variable. It does this by either calling Article.find(params) or Article.new(params) depending upon the action. It does nothing for the “index” action.

Call this method directly on the controller class.

class BooksController < ApplicationController
  load_resource
end

A resource is not loaded if the instance variable is already set. This makes it easy to override the behavior through a before_filter on certain actions.

class BooksController < ApplicationController
  before_filter :find_book_by_permalink, :only => :show
  load_resource

  private

  def find_book_by_permalink
    @book = Book.find_by_permalink!(params[:id)
  end
end

See load_and_authorize_resource to automatically authorize the resource too.

Options:

:only

Only applies before filter to given actions.

:except

Does not apply before filter to given actions.

:nested

Specify which resource this is nested under.

load_resource :nested => :author

Deep nesting can be defined in an array.

load_resource :nested => [:publisher, :author]
:class

The class to use for the model.

:collection

Specify which actions are resource collection actions in addition to :index. This is usually not necessary because it will try to guess depending on if an :id is present in params.

load_resource :collection => [:sort, :list]
:new

Specify which actions are new resource actions in addition to :new and :create. Pass an action name into here if you would like to build a new resource instead of fetch one.

load_resource :new => :build



79
80
81
 
# File 'lib/cancan/controller_additions.rb', line 79

def load_resource(options = {})
  before_filter(options.slice(:only, :except)) { |c| ResourceAuthorization.new(c, c.params, options.except(:only, :except)).load_resource }
end