Fuller `can?` example [ci skip]

commit bb474ff6c9a6a2a068d7441751d468db61cea090 1 parent 7683018
Nathan Long authored
Showing with 10 additions and 2 deletions.
  1. +10 −2 README.markdown
12 README.markdown
@@ -370,8 +370,16 @@ If the user isn't allowed to edit widgets, they won't see the link. If they're n
Authority is organized around protecting resources. But **occasionally** you **may** need to authorize something that has no particular resource. For that, it provides the generic `can?` method. It works like this:
```ruby
- current_user.can?(:view_stats_dashboard) # calls `ApplicationAuthorizer.authorizes_to_view_stats_dashboard?`
- current_user.can?(:view_stats_dashboard, :on => :tuesdays, :with => :tea) # same, passing the options
+current_user.can?(:view_stats_dashboard) # calls `ApplicationAuthorizer.authorizes_to_view_stats_dashboard?`
+current_user.can?(:view_stats_dashboard, :on => :tuesdays, :with => :tea) # same, passing the options
+
+# application_authorizer.rb
+class ApplicationAuthorizer < Authority::Authorizer
+ # ...
+ def self.authorizes_to_view_stats_dashboard?(user, options = {})
+ user.has_role?(:manager) # or whatever
+ end
+end
```
Use this very sparingly, and consider it a [code smell](http://en.wikipedia.org/wiki/Code_smell). Overuse will turn your `ApplicationAuthorizer` into a junk drawer of methods. Ask yourself, "am I sure I don't have a resource for this? Should I have one?"
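Review bot: In the added `authorizes_to_view_stats_dashboard?` example, the `options` argument is accepted but never read, while the `can?` call a few lines above passes `:on => :tuesdays, :with => :tea`, so a reader cannot tell how those options are meant to affect the authorization decision. Either use one of them in the method body or add a comment saying they are ignored in this example. `has_role?` is also not defined anywhere in the visible lines; replacing `# or whatever` with a comment that it stands for the application's own check would stop readers assuming Authority provides it. The comment on the first `can?` line could also say that the user is passed as the first argument, since the new signature is `(user, options = {})`.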