Module: Authorizable::Controller::ClassMethods

Defined in:
lib/authorizable/controller.rb

Instance Method Summary collapse

Instance Method Details

#authorizable(config = {}) ⇒ Object

sets up a before filter that will redirect if the permission condition fails

Examples:

authorizable(
  edit: { # implies current_user.can_edit?(@event)
    target: :event,
    redirect_path: Proc.new{ hosted_event_path(@event) }
  }
)
authorizable(
  create: {
    permission: :can_create_event?,
    redirect_path: Proc.new{ hosted_events_path }
  },
  destroy: { # implies current_user.can_delete?(@event)
    target: :event,
    redirect_path: Proc.new{ hosted_event_path(@event) }
  }
)

Parameters:

  • config (Hash) (defaults to: {})

    the list of options to configure actions to be authorizable

  • action (Hash)

    a customizable set of options

Options Hash (config):

  • action (Symbol)

    the action to authorize with


46
47
48
49
50
51
52
# File 'lib/authorizable/controller.rb', line 46

def authorizable(config = {})
  Authorizable::Controller.parameters_are_valid?(config)

  self.authorizable_config = config

  self.send(:before_filter, :authorizable_authorized?)
end