Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Branch: master
Fetching contributors…

Cannot retrieve contributors at this time

43 lines (31 sloc) 1.337 kB
* Complex roles with ANDing.
Something like:
access_control do
allow all, :except => :destroy
allow complex_role, :to => :destroy do
is :strong
is :decisive
is :owner, :of => :object
is_not :banned
is_not :fake
* Acl9-based menu generator.
If you get Access Denied on /secrets/index, probably you shouldn't see "Secrets" item
in the menu at all.
It can be very DRY. Say, we introduce :menu => true option to access_control method which
will make it register a lambda (can see/cannot see) in some global hash (indexed by controller name).
Then, given an URL, you'll be able to check it against this hash. /secrets/index is mapped to
SecretsController#index, so you run access_control_hash['SecretsController'].call('index') and
show the link only if true is returned.
The problem here is with objects. SecretsController's access_control block can reference instance
variables during the permission check, but we have only current instantiated controller which can be any.
Another option is to distinguish visible part from access control part.
menu do
item 'Home', home_path
item 'Secrets', secrets_path do
allow :trusted
# ...
Here only "trusted" users will see "Secrets" item.
Jump to Line
Something went wrong with that request. Please try again.