Skip to content
This repository has been archived by the owner on Nov 19, 2019. It is now read-only.

Using authority on controllers that don't have a resource

Jump to bottom
Nathan Long edited this page Aug 14, 2014 · 5 revisions

If you need to use Authority on a controller that has no resource, you can use an authorizer directly.

class SiteController < ApplicationController
  authorize_actions_for SiteAuthorizer, :actions => {:home => 'read'}
 
  def home
  end

end

...such as:

class SiteAuthorizer < ApplicationAuthorizer
  def self.readable_by?(user)
    user.has_moustache?
  end
end

In the view, you could do:

link_to 'home', home_path if SiteAuthorizer.readable_by?(current_user)

Of course, this is a bit awkward. It might be better to simply define a resource:

# Doesn't have to be a db-backed model
class AdminResource # or Site or whatever
  include Authority::Abilities
end

link_to 'home', home_path if current_user.can_read?(AdminResource)
Clone this wiki locally