| Module | Authorization::AuthorizationInController |
| In: |
lib/declarative_authorization/in_controller.rb
|
| DEFAULT_DENY | = | false |
# File lib/declarative_authorization/in_controller.rb, line 26
26: def self.failed_auto_loading_is_not_found= (new_value)
27: @@failed_auto_loading_is_not_found = new_value
28: end
# File lib/declarative_authorization/in_controller.rb, line 23
23: def self.failed_auto_loading_is_not_found?
24: @@failed_auto_loading_is_not_found
25: end
Returns the Authorization::Engine for the current controller.
# File lib/declarative_authorization/in_controller.rb, line 31
31: def authorization_engine
32: @authorization_engine ||= Authorization::Engine.instance
33: end
Intended to be used where you want to allow users with any single listed role to view the content in question
# File lib/declarative_authorization/in_controller.rb, line 75
75: def has_any_role?(*roles,&block)
76: user_roles = authorization_engine.roles_for(current_user)
77: result = roles.any? do |role|
78: user_roles.include?(role)
79: end
80: yield if result and block_given?
81: result
82: end
As has_any_role? except checks all roles included in the role hierarchy
# File lib/declarative_authorization/in_controller.rb, line 95
95: def has_any_role_with_hierarchy?(*roles, &block)
96: user_roles = authorization_engine.roles_with_hierarchy_for(current_user)
97: result = roles.any? do |role|
98: user_roles.include?(role)
99: end
100: yield if result and block_given?
101: result
102: end
While permitted_to? is used for authorization, in some cases content should only be shown to some users without being concerned with authorization. E.g. to only show the most relevant menu options to a certain group of users. That is what has_role? should be used for.
# File lib/declarative_authorization/in_controller.rb, line 64
64: def has_role? (*roles, &block)
65: user_roles = authorization_engine.roles_for(current_user)
66: result = roles.all? do |role|
67: user_roles.include?(role)
68: end
69: yield if result and block_given?
70: result
71: end
As has_role? except checks all roles included in the role hierarchy
# File lib/declarative_authorization/in_controller.rb, line 85
85: def has_role_with_hierarchy?(*roles, &block)
86: user_roles = authorization_engine.roles_with_hierarchy_for(current_user)
87: result = roles.all? do |role|
88: user_roles.include?(role)
89: end
90: yield if result and block_given?
91: result
92: end
Works similar to the permitted_to? method, but throws the authorization exceptions, just like Engine#permit!
# File lib/declarative_authorization/in_controller.rb, line 56
56: def permitted_to! (privilege, object_or_sym = nil, options = {})
57: authorization_engine.permit!(privilege, options_for_permit(object_or_sym, options, true))
58: end
If the current user meets the given privilege, permitted_to? returns true and yields to the optional block. The attribute checks that are defined in the authorization rules are only evaluated if an object is given for context.
See examples for Authorization::AuthorizationHelper permitted_to?
If no object or context is specified, the controller_name is used as context.
# File lib/declarative_authorization/in_controller.rb, line 45
45: def permitted_to? (privilege, object_or_sym = nil, options = {})
46: if authorization_engine.permit!(privilege, options_for_permit(object_or_sym, options, false))
47: yield if block_given?
48: true
49: else
50: false
51: end
52: end
# File lib/declarative_authorization/in_controller.rb, line 169
169: def options_for_permit (object_or_sym = nil, options = {}, bang = true)
170: context = object = nil
171: if object_or_sym.nil?
172: context = self.class.decl_auth_context
173: elsif !Authorization.is_a_association_proxy?(object_or_sym) and object_or_sym.is_a?(Symbol)
174: context = object_or_sym
175: else
176: object = object_or_sym
177: end
178:
179: {:user => current_user,
180: :object => object,
181: :context => context,
182: :skip_attribute_test => object.nil?,
183: :bang => bang}.merge(options)
184: end