Module: Walruz::ControllerMixin::ClassMethods
Defined in: lib/walruz/controller_mixin.rb
Instance Method Summary
- #before_check_crud_authorizations_on(subject) ⇒ Object
  Dynamically generates the before filters needed to authorize the CRUD actions on a model.
- #check_authorization!(action, subject) ⇒ Object
  Returns a before filter that checks whether the actor returned by the `current_user` method may execute the given action on the given subject.
Instance Method Details
#before_check_crud_authorizations_on(subject) ⇒ Object
Dynamically generates the before filters needed to authorize the CRUD actions on a model. Only the standard Rails actions (new, create, show, edit, update, destroy) receive a filter; any other action on the controller is not checked unless you add an explicit check_authorization! filter for it.
Requirements:
- The controller must have a method called `current_user` that returns the authenticated user
- The subject must implement the four actions (:create, :read, :update, :destroy) or have a :default action
Parameters:
- subject: Symbol naming either an instance variable (looked up as `@<subject>`, so pass `:comment`, not `:@comment`) or a method on the controller that returns the subject
Example:
class CommentController < ActionController::Base
  before_check_crud_authorizations_on :comment
  # This would be the same as:
  # before_filter check_authorization!(:create, :comment), :only => [:new, :create]
  # before_filter check_authorization!(:read, :comment), :only => :show
  # before_filter check_authorization!(:update, :comment), :only => [:edit, :update]
  # before_filter check_authorization!(:destroy, :comment), :only => :destroy
end
# File 'lib/walruz/controller_mixin.rb', line 96

def before_check_crud_authorizations_on(subject)
  # map each authorization action to the Rails actions it guards
  [
    [:create,  ['new', 'create']],
    [:read,    'show'],
    [:update,  ['edit', 'update']],
    [:destroy, 'destroy']
  ].each do |(actor_action, actions)|
    before_filter(check_authorization!(actor_action, subject), :only => actions)
  end
end
#check_authorization!(action, subject) ⇒ Object
Returns a before filter that checks whether the actor returned by the `current_user` method may execute the given action on the given subject.
Requirements:
- The controller must have a method called `current_user` that returns the authenticated user
Parameters:
- action: Symbol that represents the action which will be executed on the subject
- subject: Symbol naming either an instance variable (looked up as `@<subject>`) or a method on the controller that returns the subject
Returns:
A proc that will be executed as a before_filter method
Example:
class UserController < ActionController::Base
  before_filter check_authorization!(:create, :user), :only => [:new, :create]
  before_filter check_authorization!(:destroy, :complicated_method_that_returns_a_user), :only => :destroy

  def complicated_method_that_returns_a_user
    # some complex logic here
    return user
  end
end
# File 'lib/walruz/controller_mixin.rb', line 54

def check_authorization!(action, subject)
  lambda do |controller|
    # we get the subject: an instance variable first, then a method of the same name
    subject_instance = if controller.instance_variable_defined?("@%s" % subject)
                         controller.instance_variable_get("@%s" % subject)
                       elsif controller.respond_to?(subject)
                         controller.send(subject)
                       else
                         raise ArgumentError, "There is neither an instance variable @%s nor a instance method %s on the %s instance context" % [subject, subject, controller.class.name]
                       end
    # Manager method name was lost in extraction; assumed to be the raising (bang) variant,
    # which returns the policy params when the actor is authorized
    params = Walruz::Manager.check_authorization!(controller.send(:current_user), action, subject_instance)
    controller.set_policy_params!(params)
  end
end
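The following is an added illustration, not the gem's own code: it reproduces the subject-resolution and decision flow of the filter above outside Rails, so the allowed, denied and misconfigured outcomes can be exercised. StubManager (a constructed allow-list standing in for Walruz::Manager), FakeController and the Comment struct are all assumptions.

```ruby
class NotAuthorized < StandardError; end

# Stand-in for Walruz::Manager (constructed): an allow-list of
# [actor, action, subject class] triples; anything else is denied
module StubManager
  ALLOWED = [[:alice, :read, :Comment], [:alice, :update, :Comment]]
  def self.check_authorization!(actor, action, subject)
    key = [actor, action, subject.class.name.to_sym]
    raise NotAuthorized, "#{actor} may not #{action} #{subject.class.name}" unless ALLOWED.include?(key)
    { checked_by: :stub } # policy params handed back to the controller
  end
end

# Same resolution order as the documented lambda: @ivar first, then a method
# of that name, otherwise ArgumentError (a misconfiguration, not a denial)
def check_authorization!(action, subject)
  lambda do |controller|
    subject_instance =
      if controller.instance_variable_defined?("@%s" % subject)
        controller.instance_variable_get("@%s" % subject)
      elsif controller.respond_to?(subject)
        controller.send(subject)
      else
        raise ArgumentError, "no @%s ivar or %s method on %s" % [subject, subject, controller.class.name]
      end
    params = StubManager.check_authorization!(controller.send(:current_user), action, subject_instance)
    controller.set_policy_params!(params)
  end
end

Comment = Struct.new(:body)

# Minimal controller stand-in; @comment is only defined when a record is given
class FakeController
  attr_reader :current_user, :policy_params
  def initialize(user, comment = nil)
    @current_user = user
    @comment = comment if comment
  end
  def loaded_comment; Comment.new("via method"); end
  def set_policy_params!(params); @policy_params = params; end
end

# Runs the filter as a before_filter would and reports the outcome
def run_filter(action, subject, controller)
  check_authorization!(action, subject).call(controller)
  :allowed
rescue NotAuthorized
  :denied
end
```

Note that a subject that cannot be resolved raises ArgumentError rather than denying, so a mistyped subject symbol surfaces as an error on the first request instead of silently passing.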