| Module | Authorization::AuthorizationInController |
| In: |
lib/in_controller.rb
|
Returns the Authorization::Engine for the current controller.
# File lib/in_controller.rb, line 12
12: def authorization_engine
13: @authorization_engine ||= Authorization::Engine.instance
14: end
Works similar to the permitted_to? method, but doesn‘t accept a block and throws the authorization exceptions, just like Engine#permit!
# File lib/in_controller.rb, line 41
41: def permitted_to! (privilege, object_or_sym = nil)
42: context = object = nil
43: if object_or_sym.is_a?(Symbol)
44: context = object_or_sym
45: else
46: object = object_or_sym
47: end
48: authorization_engine.permit!(privilege,
49: {:user => current_user,
50: :object => object,
51: :context => context,
52: :skip_attribute_test => object.nil?})
53: end
If the current user meets the given privilege, permitted_to? returns true and yields to the optional block. The attribute checks that are defined in the authorization rules are only evaluated if an object is given for context.
See examples for Authorization::AuthorizationHelper permitted_to?
# File lib/in_controller.rb, line 23
23: def permitted_to? (privilege, object_or_sym = nil, &block)
24: context = object = nil
25: if object_or_sym.is_a?(Symbol)
26: context = object_or_sym
27: else
28: object = object_or_sym
29: end
30: # TODO infer context also from self.class.name
31: authorization_engine.permit?(privilege,
32: {:user => current_user,
33: :object => object,
34: :context => context,
35: :skip_attribute_test => object.nil?},
36: &block)
37: end