Module: Authorization::AuthorizationInController
- Defined in:
- lib/declarative_authorization/in_controller.rb
Defined Under Namespace
Modules: ClassMethods
Constant Summary collapse
- DEFAULT_DENY =
false
Class Method Summary collapse
-
.included(base) ⇒ Object
:nodoc:.
Instance Method Summary collapse
-
#authorization_engine ⇒ Object
Returns the Authorization::Engine for the current controller.
-
#has_role?(*roles, &block) ⇒ Boolean
While permitted_to? is used for authorization, in some cases content should only be shown to some users without being concerned with authorization.
-
#has_role_with_hierarchy?(*roles, &block) ⇒ Boolean
As has_role? except checks all roles included in the role hierarchy.
-
#permitted_to!(privilege, object_or_sym = nil, options = {}, &block) ⇒ Object
Works similar to the permitted_to? method, but throws the authorization exceptions, just like Engine#permit!.
-
#permitted_to?(privilege, object_or_sym = nil, options = {}, &block) ⇒ Boolean
If the current user meets the given privilege, permitted_to? returns true and yields to the optional block.
Class Method Details
.included(base) ⇒ Object
:nodoc:
7 8 9 10 11 |
# File 'lib/declarative_authorization/in_controller.rb', line 7 def self.included(base) # :nodoc: base.extend(ClassMethods) base.hide_action :authorization_engine, :permitted_to?, :permitted_to! end |
Instance Method Details
#authorization_engine ⇒ Object
Returns the Authorization::Engine for the current controller.
16 17 18 |
# File 'lib/declarative_authorization/in_controller.rb', line 16 def @authorization_engine ||= Authorization::Engine.instance end |
#has_role?(*roles, &block) ⇒ Boolean
While permitted_to? is used for authorization, in some cases content should only be shown to some users without being concerned with authorization. E.g. to only show the most relevant menu options to a certain group of users. That is what has_role? should be used for.
65 66 67 68 69 70 71 72 |
# File 'lib/declarative_authorization/in_controller.rb', line 65 def has_role? (*roles, &block) user_roles = .roles_for(current_user) result = roles.all? do |role| user_roles.include?(role) end yield if result and block_given? result end |
#has_role_with_hierarchy?(*roles, &block) ⇒ Boolean
As has_role? except checks all roles included in the role hierarchy
75 76 77 78 79 80 81 82 |
# File 'lib/declarative_authorization/in_controller.rb', line 75 def has_role_with_hierarchy?(*roles, &block) user_roles = .roles_with_hierarchy_for(current_user) result = roles.all? do |role| user_roles.include?(role) end yield if result and block_given? result end |
#permitted_to!(privilege, object_or_sym = nil, options = {}, &block) ⇒ Object
Works similar to the permitted_to? method, but throws the authorization exceptions, just like Engine#permit!
36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
# File 'lib/declarative_authorization/in_controller.rb', line 36 def permitted_to! (privilege, object_or_sym = nil, = {}, &block) context = object = nil if object_or_sym.nil? context = self.class.controller_name.to_sym elsif object_or_sym.is_a?(Symbol) context = object_or_sym else object = object_or_sym end non_bang = .delete(:non_bang) args = [ privilege, {:user => current_user, :object => object, :context => context, :skip_attribute_test => object.nil?}.merge() ] if non_bang .permit?(*args, &block) else .permit!(*args, &block) end end |
#permitted_to?(privilege, object_or_sym = nil, options = {}, &block) ⇒ Boolean
If the current user meets the given privilege, permitted_to? returns true and yields to the optional block. The attribute checks that are defined in the authorization rules are only evaluated if an object is given for context.
See examples for Authorization::AuthorizationHelper #permitted_to?
If no object or context is specified, the controller_name is used as context.
30 31 32 |
# File 'lib/declarative_authorization/in_controller.rb', line 30 def permitted_to? (privilege, object_or_sym = nil, = {}, &block) permitted_to!(privilege, object_or_sym, .merge(:non_bang => true), &block) end |