Add example for the :scope option. Small changes to examples.

commit dd8def59c806416171fba94d6dbfb27b496a4544 1 parent 57c5276
Manfred Stienstra Manfred authored
11 examples/administrations_controller.rb
@@ -0,0 +1,11 @@
+# The administrations controller is nested under organizations (ie. /organizations/3214/administrations)
+class PagesController < ApplicationController
+ # The following rule only allows @authenticated if @authenticated.organization.id == params[:organization_id].
+ # Roughly translated this means that the authenticated user can only access resources belonging to its own
+ # organization.
+ allow_access :authenticated, :scope => :article
+
+ def index
+ @administrations = @authenticated.organization.administrations
+ end
+end
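Review bot: The `allow_access` line does not match its own comment: the comment describes a check of `@authenticated.organization.id` against `params[:organization_id]`, but the option passed is `:scope => :article`, and nothing else in this controller refers to an article. If the comment states the intent, this should read `:scope => :organization`. The class is also declared as `PagesController` in a file named administrations_controller.rb whose header comment calls it the administrations controller; rename it to `AdministrationsController` so the example does not reopen the pages controller when both files are loaded.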
2  examples/application.rb
@@ -3,7 +3,7 @@ class ApplicationController < ActionController::Base
# before any sensitive processing occurs.
before_filter :find_authenticated, :block_access
- protected
+ private
# Find the authenticated user
def find_authenticated
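Review bot: The `protected` to `private` change above `find_authenticated` is not mentioned in the commit message, and the same swap recurs in the other example files. A line in the message or a short comment saying why the filter methods are private would help readers copying these examples. Private methods remain usable as `before_filter` callbacks in subclasses, so the examples keep working.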
2  examples/application_with_multiple_auth_methods.rb
@@ -1,7 +1,7 @@
class ApplicationController < ActionController::Base
before_filter :find_authenticated, :block_access
- protected
+ private
# Find the authenticated user, cookie based authentication for browser users and HTTP Basic Authentication for
# API users. Note that this does not allow you to get HTML resources when logged in through Basic Auth.
2  examples/page_controller_with_full_policy.rb
@@ -16,7 +16,7 @@ def index
def show; end
- protected
+ private
def find_user
@user = User.find params[:user_id]
4 examples/pages_controller.rb
@@ -1,4 +1,4 @@
-# The pages controller is a nest resource under users (ie. /users/12/pages)
+# The pages controller is nested under users (ie. /users/12/pages)
class PagesController < ApplicationController
# Users can only reach pages nested under their user_id. Note that this doesn't define the complete access policy,
# some of the authorization is still done in the actions. See pages_controller_with_full_policy.rb for an example
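Review bot: The unchanged comment at the end of this hunk still points readers to pages_controller_with_full_policy.rb, while the file touched in this same commit is examples/page_controller_with_full_policy.rb. Since this comment block is being edited anyway, fix the reference (or rename the file) so the pointer to the full access policy resolves.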
@@ -17,7 +17,7 @@ def show
head :forbidden
end
- protected
+ private
def find_user
@user = User.find params[:user_id]