Module: Authorization::AuthorizationInController

Defined in:
lib/declarative_authorization/in_controller.rb

Defined Under Namespace

Modules: ClassMethods

Constant Summary collapse

DEFAULT_DENY =
false

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.included(base) ⇒ Object

:nodoc:



7
8
9
10
11
# File 'lib/declarative_authorization/in_controller.rb', line 7

def self.included(base) # :nodoc:
  base.extend(ClassMethods)
  base.hide_action :authorization_engine, :permitted_to?,
    :permitted_to!
end

Instance Method Details

#authorization_engineObject

Returns the Authorization::Engine for the current controller.



16
17
18
# File 'lib/declarative_authorization/in_controller.rb', line 16

def authorization_engine
  @authorization_engine ||= Authorization::Engine.instance
end

#has_role?(*roles, &block) ⇒ Boolean

While permitted_to? is used for authorization, in some cases content should only be shown to some users without being concerned with authorization. E.g. to only show the most relevant menu options to a certain group of users. That is what has_role? should be used for.

Returns:

  • (Boolean)


65
66
67
68
69
70
71
72
# File 'lib/declarative_authorization/in_controller.rb', line 65

def has_role? (*roles, &block)
  user_roles = authorization_engine.roles_for(current_user)
  result = roles.all? do |role|
    user_roles.include?(role)
  end
  yield if result and block_given?
  result
end

#has_role_with_hierarchy?(*roles, &block) ⇒ Boolean

As has_role? except checks all roles included in the role hierarchy

Returns:

  • (Boolean)


75
76
77
78
79
80
81
82
# File 'lib/declarative_authorization/in_controller.rb', line 75

def has_role_with_hierarchy?(*roles, &block)
  user_roles = authorization_engine.roles_with_hierarchy_for(current_user)
  result = roles.all? do |role|
    user_roles.include?(role)
  end
  yield if result and block_given?
  result
end

#permitted_to!(privilege, object_or_sym = nil, options = {}, &block) ⇒ Object

Works similar to the permitted_to? method, but throws the authorization exceptions, just like Engine#permit!



36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
# File 'lib/declarative_authorization/in_controller.rb', line 36

def permitted_to! (privilege, object_or_sym = nil, options = {}, &block)
  context = object = nil
  if object_or_sym.nil?
    context = self.class.controller_name.to_sym
  elsif object_or_sym.is_a?(Symbol)
    context = object_or_sym
  else
    object = object_or_sym
  end

  non_bang = options.delete(:non_bang)
  args = [
    privilege,
    {:user => current_user,
     :object => object,
     :context => context,
     :skip_attribute_test => object.nil?}.merge(options)
  ]
  if non_bang
    authorization_engine.permit?(*args, &block)
  else
    authorization_engine.permit!(*args, &block)
  end
end

#permitted_to?(privilege, object_or_sym = nil, options = {}, &block) ⇒ Boolean

If the current user meets the given privilege, permitted_to? returns true and yields to the optional block. The attribute checks that are defined in the authorization rules are only evaluated if an object is given for context.

See examples for Authorization::AuthorizationHelper #permitted_to?

If no object or context is specified, the controller_name is used as context.

Returns:

  • (Boolean)


30
31
32
# File 'lib/declarative_authorization/in_controller.rb', line 30

def permitted_to? (privilege, object_or_sym = nil, options = {}, &block)
  permitted_to!(privilege, object_or_sym, options.merge(:non_bang => true), &block)
end