Fuller `can?` example [ci skip]

Nathan Long
Nathan Long committed Dec 10, 2012
1 parent 7683018 commit bb474ff6c9a6a2a068d7441751d468db61cea090
Showing with 10 additions and 2 deletions.
  1. +10 −2 README.markdown
@@ -370,8 +370,16 @@ If the user isn't allowed to edit widgets, they won't see the link. If they're n
Authority is organized around protecting resources. But **occasionally** you **may** need to authorize something that has no particular resource. For that, it provides the generic `can?` method. It works like this:
- current_user.can?(:view_stats_dashboard) # calls `ApplicationAuthorizer.authorizes_to_view_stats_dashboard?`
- current_user.can?(:view_stats_dashboard, :on => :tuesdays, :with => :tea) # same, passing the options
+current_user.can?(:view_stats_dashboard) # calls `ApplicationAuthorizer.authorizes_to_view_stats_dashboard?`
+current_user.can?(:view_stats_dashboard, :on => :tuesdays, :with => :tea) # same, passing the options
+# application_authorizer.rb
+class ApplicationAuthorizer < Authority::Authorizer
+ # ...
+ def self.authorizes_to_view_stats_dashboard?(user, options = {})
+ user.has_role?(:manager) # or whatever
+ end
Use this very sparingly, and consider it a [code smell]( Overuse will turn your `ApplicationAuthorizer` into a junk drawer of methods. Ask yourself, "am I sure I don't have a resource for this? Should I have one?"
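Review bot: In the added `authorizes_to_view_stats_dashboard?(user, options = {})` example, the `options` hash is accepted but never read, while the call shown just above it passes `:on => :tuesdays, :with => :tea`. A reader copying this could assume those options take part in the decision when the only check is `user.has_role?(:manager)`. Either have the body consult one of the options, or add a comment saying that the authorizer method is responsible for interpreting them and that ignoring them grants access regardless of what was passed. Separately, `has_role?` is not defined anywhere in the visible lines, and the `# or whatever` comment only hints that it is the application's own role check; saying so explicitly would keep readers from expecting the method to exist on their user model.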
