Class: Can4::Ability

Inherits:
Object
Defined in:
lib/can4/ability.rb

Overview

Ability class for resources.

To define an ability model for your resource, define an ability class in a location of your choosing, and define the actions available to the resource on construction.

Examples:

class Ability < Can4::Ability
  def initialize(user)
    # Handle unauthenticated users.
    user ||= User.new

    if user.admin?
      # Allow admins to perform any action.
      allow_anything!
    else
      # Will always return true for can?(:read, @comment).
      can :read, Comment

      # Will only return true for can?(:read, @private_message)
      # if the user is allowed to read the private message.
      can :read, PrivateMessage do |msg|
        msg.user_id == user.id
      end
    end
  end
end
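An added example, not part of the can4 documentation or code base: it runs the Overview's PrivateMessage rule through authorize!, including the guest case where `user ||= User.new` leaves `user.id` nil, so a message whose `user_id` is also nil satisfies the block. `AbilitySketch` is a stand-in written for this example (its rule storage, lookup by the subject's class and deny-when-no-rule behaviour are assumptions), and `require_id:`, `readable?` and the Struct models are hypothetical names.

```ruby
# Stand-in for Can4::Ability so the example runs without the gem. authorize!,
# cannot? and allow_anything! mirror the behaviour shown on this page; rule
# storage, lookup by the subject's class and deny-when-no-rule are assumptions.
class AccessDenied < StandardError; end

class AbilitySketch
  def can(action, subject, &block)
    (@rules ||= {})[[action, subject]] = block || proc { true }
  end

  def can?(action, subject, *args)
    rule = (@rules ||= {})[[action, subject.class]]
    rule ? !!rule.call(subject, *args) : false
  end

  def cannot?(*args)
    !can?(*args)
  end

  def authorize!(action, subject, *args)
    raise AccessDenied if cannot?(action, subject, *args)
  end

  def allow_anything!
    define_singleton_method(:can?) { |*| true }
    define_singleton_method(:cannot?) { |*| false }
  end
end

# Constructed sample models; User.new leaves id nil, like an unsaved record.
User = Struct.new(:id, :admin)
PrivateMessage = Struct.new(:user_id)

# The Overview's rule, plus an optional guard against nil == nil matches.
class Ability < AbilitySketch
  def initialize(user, require_id: false)
    user ||= User.new
    return allow_anything! if user.admin
    can(:read, PrivateMessage) do |msg|
      (!require_id || !user.id.nil?) && msg.user_id == user.id
    end
  end
end

# True when authorize! lets the read through, false when it raises.
def readable?(ability, msg)
  ability.authorize!(:read, msg)
  true
rescue AccessDenied
  false
end
```

Checks like these belong in the test suite for any ability class that compares owner ids after falling back to a blank user.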

Instance Method Details

#allow_anything! ⇒ Object

Allows the object to perform any action on any subject. This overrides all #cannot rules.


# File 'lib/can4/ability.rb', line 63

def allow_anything!
  instance_eval do
    def can?(*)
      true
    end

    def cannot?(*)
      false
    end
  end
end

#authorize!(action, subject, *args) ⇒ Object

Checks whether this resource has authorization to perform an action on a particular subject. Raises Can4::AccessDenied if it doesn't.

Parameters:

  • action (Symbol)

    The intended action.

  • subject (Object)

    The subject of the action.

Raises:

  • (AccessDenied)

    if the object does not have permission.


# File 'lib/can4/ability.rb', line 81

def authorize!(action, subject, *args)
  raise AccessDenied if cannot?(action, subject, *args)
end

#can(action, subject, &block) ⇒ Object

Adds an access-granting rule.

Parameters:

  • action (Symbol)

    The action, represented as a symbol.

  • subject (Object)

    The subject.

  • block (Proc)

    An optional Proc to install for matching.


# File 'lib/can4/ability.rb', line 57

def can(action, subject, &block)
  rule_for(subject).add_grant(action, block)
end

#can?(action, subject) ⇒ Boolean
#can?(action, subject, *args) ⇒ Boolean

Checks whether the object can perform an action on a subject.

Overloads:

  • #can?(action, subject) ⇒ Boolean

    Parameters:

    • action (Symbol)

      The action, represented as a symbol.

    • subject (Object)

      The subject.

  • #can?(action, subject, *args) ⇒ Boolean

    Parameters:

    • action (Symbol)

      The action, represented as a symbol.

    • subject (Object)

      The subject.

    • args (Object)

      Splat parameters to an installed block.

Returns:

  • (Boolean)

    True or false.


# File 'lib/can4/ability.rb', line 41

def can?(action, subject, *args)
  lookup_rule(subject).authorized?(action, subject, args)
end

#cannot?(*args) ⇒ Boolean

Inverse of #can?.

Returns:

  • (Boolean)

# File 'lib/can4/ability.rb', line 48

def cannot?(*args)
  !can?(*args)
end