Module: Authorization::AuthorizationInController
- Defined in:
- lib/declarative_authorization/in_controller.rb
Defined Under Namespace
Modules: ClassMethods
Constant Summary
- DEFAULT_DENY =
false- @@failed_auto_loading_is_not_found =
If attribute_check is set for filter_access_to, decl_auth_context will try to load the appropriate object from the current controller's model with the id from params. If that fails, a 404 Not Found is often the right way to handle the error. If you have additional measures in place that restricts the find scope, handling this error as a permission denied might be a better way. Set failed_auto_loading_is_not_found to false for the latter behavior.
true
Class Method Summary (collapse)
- + (Object) failed_auto_loading_is_not_found=(new_value)
- + (Boolean) failed_auto_loading_is_not_found?
-
+ (Object) included(base)
:nodoc:.
Instance Method Summary (collapse)
-
- (Object) authorization_engine
Returns the Authorization::Engine for the current controller.
-
- (Boolean) has_any_role?(*roles, &block)
Intended to be used where you want to allow users with any single listed role to view the content in question.
-
- (Boolean) has_any_role_with_hierarchy?(*roles, &block)
As has_any_role? except checks all roles included in the role hierarchy.
-
- (Boolean) has_role?(*roles, &block)
While permitted_to? is used for authorization, in some cases content should only be shown to some users without being concerned with authorization.
-
- (Boolean) has_role_with_hierarchy?(*roles, &block)
As has_role? except checks all roles included in the role hierarchy.
-
- (Object) permitted_to!(privilege, object_or_sym = nil, options = {})
Works similar to the permitted_to? method, but throws the authorization exceptions, just like Engine#permit!.
-
- (Boolean) permitted_to?(privilege, object_or_sym = nil, options = {})
If the current user meets the given privilege, permitted_to? returns true and yields to the optional block.
Class Method Details
+ (Object) failed_auto_loading_is_not_found=(new_value)
26 27 28 |
# File 'lib/declarative_authorization/in_controller.rb', line 26 def self.failed_auto_loading_is_not_found= (new_value) @@failed_auto_loading_is_not_found = new_value end |
+ (Boolean) failed_auto_loading_is_not_found?
23 24 25 |
# File 'lib/declarative_authorization/in_controller.rb', line 23 def self.failed_auto_loading_is_not_found? @@failed_auto_loading_is_not_found end |
+ (Object) included(base)
:nodoc:
7 8 9 10 11 |
# File 'lib/declarative_authorization/in_controller.rb', line 7 def self.included(base) # :nodoc: base.extend(ClassMethods) base.hide_action :authorization_engine, :permitted_to?, :permitted_to! end |
Instance Method Details
- (Object) authorization_engine
Returns the Authorization::Engine for the current controller.
31 32 33 |
# File 'lib/declarative_authorization/in_controller.rb', line 31 def @authorization_engine ||= Authorization::Engine.instance end |
- (Boolean) has_any_role?(*roles, &block)
Intended to be used where you want to allow users with any single listed role to view the content in question
75 76 77 78 79 80 81 82 |
# File 'lib/declarative_authorization/in_controller.rb', line 75 def has_any_role?(*roles,&block) user_roles = .roles_for(current_user) result = roles.any? do |role| user_roles.include?(role) end yield if result and block_given? result end |
- (Boolean) has_any_role_with_hierarchy?(*roles, &block)
As has_any_role? except checks all roles included in the role hierarchy
95 96 97 98 99 100 101 102 |
# File 'lib/declarative_authorization/in_controller.rb', line 95 def has_any_role_with_hierarchy?(*roles, &block) user_roles = .roles_with_hierarchy_for(current_user) result = roles.any? do |role| user_roles.include?(role) end yield if result and block_given? result end |
- (Boolean) has_role?(*roles, &block)
While permitted_to? is used for authorization, in some cases content should only be shown to some users without being concerned with authorization. E.g. to only show the most relevant menu options to a certain group of users. That is what has_role? should be used for.
64 65 66 67 68 69 70 71 |
# File 'lib/declarative_authorization/in_controller.rb', line 64 def has_role? (*roles, &block) user_roles = .roles_for(current_user) result = roles.all? do |role| user_roles.include?(role) end yield if result and block_given? result end |
- (Boolean) has_role_with_hierarchy?(*roles, &block)
As has_role? except checks all roles included in the role hierarchy
85 86 87 88 89 90 91 92 |
# File 'lib/declarative_authorization/in_controller.rb', line 85 def has_role_with_hierarchy?(*roles, &block) user_roles = .roles_with_hierarchy_for(current_user) result = roles.all? do |role| user_roles.include?(role) end yield if result and block_given? result end |
- (Object) permitted_to!(privilege, object_or_sym = nil, options = {})
Works similar to the permitted_to? method, but throws the authorization exceptions, just like Engine#permit!
56 57 58 |
# File 'lib/declarative_authorization/in_controller.rb', line 56 def permitted_to! (privilege, object_or_sym = nil, = {}) .permit!(privilege, (object_or_sym, , true)) end |
- (Boolean) permitted_to?(privilege, object_or_sym = nil, options = {})
If the current user meets the given privilege, permitted_to? returns true and yields to the optional block. The attribute checks that are defined in the authorization rules are only evaluated if an object is given for context.
See examples for Authorization::AuthorizationHelper #permitted_to?
If no object or context is specified, the controller_name is used as context.
45 46 47 48 49 50 51 52 |
# File 'lib/declarative_authorization/in_controller.rb', line 45 def permitted_to? (privilege, object_or_sym = nil, = {}) if .permit!(privilege, (object_or_sym, , false)) yield if block_given? true else false end end |
