module CanCan

  # This module is automatically included into all controllers.
  # It also makes the "can?" and "cannot?" methods available to all views.
  module ControllerAdditions
    module ClassMethods
      # Sets up a before filter which loads and authorizes the current resource. This performs both
      # load_resource and authorize_resource and accepts the same arguments. See those methods for details.
      #
      #   class BooksController < ApplicationController
      #     load_and_authorize_resource
      #   end
      #
      def load_and_authorize_resource(*args)
        cancan_resource_class.add_before_filter(self, {:load => true, :authorize => true}, *args)
      end

      # Sets up a before filter which loads the model resource into an instance variable.
      # For example, given an ArticlesController it will load the current article into the @article
      # instance variable. It does this by either calling Article.find(params[:id]) or
      # Article.new(params[:article]) depending upon the action. The index action will
      # automatically set @articles to Article.accessible_by(current_ability).
      #
      # If a conditions hash is used in the Ability, the +new+ and +create+ actions will set
      # the initial attributes based on these conditions. This way these actions will satisfy
      # the ability restrictions.
      #
      # Call this method directly on the controller class.
      #
      #   class BooksController < ApplicationController
      #     load_resource
      #   end
      #
      # A resource is not loaded if the instance variable is already set. This makes it easy to override
      # the behavior through a before_filter on certain actions.
      #
      #   class BooksController < ApplicationController
      #     before_filter :find_book_by_permalink, :only => :show
      #     load_resource
      #
      #     private
      #
      #     def find_book_by_permalink
      #       @book = Book.find_by_permalink!(params[:id])
      #     end
      #   end
      #
      # If a name is provided which does not match the controller it assumes it is a parent resource. Child
      # resources can then be loaded through it.
      #
      #   class BooksController < ApplicationController
      #     load_resource :author
      #     load_resource :book, :through => :author
      #   end
      #
      # Here the author resource will be loaded before each action using params[:author_id]. The book resource
      # will then be loaded through the @author instance variable.
      #
      # That first argument is optional and will default to the singular name of the controller.
      # A hash of options (see below) can also be passed to this method to further customize it.
      #
      # See load_and_authorize_resource to automatically authorize the resource too.
      #
      # Options:
      # [:+only+]
      #   Only applies before filter to given actions.
      #
      # [:+except+]
      #   Does not apply before filter to given actions.
      #
      # [:+through+]
      #   Load this resource through another one. This should match the name of the parent instance variable or method.
      #
      # [:+through_association+]
      #   The name of the association to fetch the child records through the parent resource. This is normally not needed
      #   because it defaults to the pluralized resource name.
      #
      # [:+shallow+]
      #   Pass +true+ to allow this resource to be loaded directly when parent is +nil+. Defaults to +false+.
      #
      # [:+singleton+]
      #   Pass +true+ if this is a singleton resource through a +has_one+ association.
      #
      # [:+parent+]
      #   True or false depending on if the resource is considered a parent resource. This defaults to +true+ if a resource
      #   name is given which does not match the controller.
      #
      # [:+class+]
      #   The class to use for the model (string or constant).
      #
      # [:+instance_name+]
      #   The name of the instance variable to load the resource into.
      #
      # [:+find_by+]
      #   Find using a different attribute other than id. For example:
      #
      #     load_resource :find_by => :permalink # will use find_by_permalink!(params[:id])
      #
      # [:+collection+]
      #   Specify which actions are resource collection actions in addition to :+index+. This
      #   is usually not necessary because it will try to guess depending on if the id param is present.
      #
      #     load_resource :collection => [:sort, :list]
      #
      # [:+new+]
      #   Specify which actions are new resource actions in addition to :+new+ and :+create+.
      #   Pass an action name into here if you would like to build a new resource instead of
      #   fetch one.
      #
      #     load_resource :new => :build
      #
      # [:+prepend+]
      #   Passing +true+ will use prepend_before_filter instead of a normal before_filter.
      #
      def load_resource(*args)
        raise ImplementationRemoved, "The load_resource method has been removed, use load_and_authorize_resource instead."
        cancan_resource_class.add_before_filter(self, {:load => true}, *args)
      end

      # Sets up a before filter which authorizes the resource using the instance variable.
      # For example, if you have an ArticlesController it will check the @article instance variable
      # and ensure the user can perform the current action on it. Under the hood it is doing
      # something like the following.
      #
      #   authorize!(params[:action].to_sym, @article || Article)
      #
      # Call this method directly on the controller class.
      #
      #   class BooksController < ApplicationController
      #     authorize_resource
      #   end
      #
      # If you pass in the name of a resource which does not match the controller it will assume
      # it is a parent resource.
      #
      #   class BooksController < ApplicationController
      #     authorize_resource :author
      #     authorize_resource :book
      #   end
      #
      # Here it will authorize :+show+, @+author+ on every action before authorizing the book.
      #
      # That first argument is optional and will default to the singular name of the controller.
      # A hash of options (see below) can also be passed to this method to further customize it.
      #
      # See load_and_authorize_resource to automatically load the resource too.
      #
      # Options:
      # [:+only+]
      #   Only applies before filter to given actions.
      #
      # [:+except+]
      #   Does not apply before filter to given actions.
      #
      # [:+singleton+]
      #   Pass +true+ if this is a singleton resource through a +has_one+ association.
      #
      # [:+parent+]
      #   True or false depending on if the resource is considered a parent resource. This defaults to +true+ if a resource
      #   name is given which does not match the controller.
      #
      # [:+class+]
      #   The class to use for the model (string or constant). This is passed in when the instance variable is not set.
      #   Pass +false+ if there is no associated class for this resource and it will use a symbol of the resource name.
      #
      # [:+instance_name+]
      #   The name of the instance variable for this resource.
      #
      # [:+through+]
      #   Authorize conditions on this parent resource when instance isn't available.
      #
      # [:+prepend+]
      #   Passing +true+ will use prepend_before_filter instead of a normal before_filter.
      #
      def authorize_resource(*args)
        raise ImplementationRemoved, "The authorize_resource method has been removed, use load_and_authorize_resource instead."
        cancan_resource_class.add_before_filter(self, {:authorize => true}, *args)
      end

      # Skip both the loading and authorization behavior of CanCan for this given controller. This is primarily
      # useful to skip the behavior of a superclass. You can pass :only and :except options to specify which actions
      # to skip the effects on. It will apply to all actions by default.
      #
      #   class ProjectsController < SomeOtherController
      #     skip_load_and_authorize_resource :only => :index
      #   end
      #
      # You can also pass the resource name as the first argument to skip that resource.
      def skip_load_and_authorize_resource(*args)
        skip_load_resource(*args)
        skip_authorize_resource(*args)
      end

      # Skip the loading behavior of CanCan. This is useful when using +load_and_authorize_resource+ but want to
      # only do authorization on certain actions. You can pass :only and :except options to specify which actions to
      # skip the effects on. It will apply to all actions by default.
      #
      #   class ProjectsController < ApplicationController
      #     load_and_authorize_resource
      #     skip_load_resource :only => :index
      #   end
      #
      # You can also pass the resource name as the first argument to skip that resource.
      def skip_load_resource(*args)
        raise ImplementationRemoved, "The skip_load_resource method has been removed, use skip_load_and_authorize_resource instead."
        options = args.extract_options!
        name = args.first
        cancan_skipper[:load][name] = options
      end

      # Skip the authorization behavior of CanCan. This is useful when using +load_and_authorize_resource+ but want to
      # only do loading on certain actions. You can pass :only and :except options to specify which actions to
      # skip the effects on. It will apply to all actions by default.
      #
      #   class ProjectsController < ApplicationController
      #     load_and_authorize_resource
      #     skip_authorize_resource :only => :index
      #   end
      #
      # You can also pass the resource name as the first argument to skip that resource.
      def skip_authorize_resource(*args)
        raise ImplementationRemoved, "The skip_authorize_resource method has been removed, use skip_load_and_authorize_resource instead."
        options = args.extract_options!
        name = args.first
        cancan_skipper[:authorize][name] = options
      end

      # Add this to a controller to automatically perform authorization on every action.
      #
      #   class ApplicationController < ActionController::Base
      #     enable_authorization
      #   end
      #
      # Internally it does this in a before_filter for every action.
      #
      #   authorize! params[:action], params[:controller]
      #
      # If you need to "skip" authorization in a given controller, it is best to enable :+access+ to it in the +Ability+.
      #
      # Options:
      # [:+only+]
      #   Only applies to given actions.
      #
      # [:+except+]
      #   Does not apply to given actions.
      #
      # [:+if+]
      #   Supply the name of a controller method to be called. The authorization only takes place if this returns true.
      #
      #     enable_authorization :if => :admin_controller?
      #
      # [:+unless+]
      #   Supply the name of a controller method to be called. The authorization only takes place if this returns false.
      #
      #     enable_authorization :unless => :devise_controller?
      #
      def enable_authorization(options = {}, &block)
        before_filter(options.slice(:only, :except)) do |controller|
          break if options[:if] && !controller.send(options[:if])
          break if options[:unless] && controller.send(options[:unless])
          controller.authorize! controller.params[:action], controller.params[:controller]
        end
        after_filter(options.slice(:only, :except)) do |controller|
          break if options[:if] && !controller.send(options[:if])
          break if options[:unless] && controller.send(options[:unless])
          unless controller.current_ability.fully_authorized? controller.params[:action], controller.params[:controller]
            raise CanCan::InsufficientAuthorizationCheck, "Authorization check is not sufficient for this action. This is probably because you have conditions or attributes defined in Ability and are not checking for them in the action. One way to solve this is adding load_and_authorize_resource to this controller."
          end
        end
        rescue_from(CanCan::Unauthorized, &block) if block
      end

      def cancan_resource_class
        if ancestors.map(&:to_s).include? "InheritedResources::Actions"
          InheritedResource
        else
          ControllerResource
        end
      end

      def check_authorization(options = {})
        raise ImplementationRemoved, "The check_authorization method has been removed, use enable_authorization instead."
      end

      def skip_authorization_check(*args)
        raise ImplementationRemoved, "The skip_authorization_check method has been removed, instead authorize access to controller in Ability to 'skip'."
      end

      def cancan_skipper
        raise ImplementationRemoved, "The skip_authorization_check method has been removed, instead authorize access to controller in Ability to 'skip'."
      end
    end

    def self.included(base)
      base.extend ClassMethods
      base.helper_method :can?, :cannot?, :current_ability
    end

    # Raises a CanCan::Unauthorized exception if the current_ability cannot
    # perform the given action. This is usually called in a controller action or
    # before filter to perform the authorization.
    #
    #   def show
    #     @article = Article.find(params[:id])
    #     authorize! :read, @article
    #   end
    #
    # A :message option can be passed to specify a different message.
    #
    #   authorize! :read, @article, :message => "Not authorized to read #{@article.name}"
    #
    # You can also use I18n to customize the message. Action aliases defined in Ability work here.
    #
    #   en:
    #     unauthorized:
    #       manage:
    #         all: "Not authorized to %{action} %{subject}."
    #         user: "Not allowed to manage other user accounts."
    #       update:
    #         project: "Not allowed to update this project."
    #
    # You can rescue from the exception in the controller to customize how unauthorized
    # access is displayed to the user.
    #
    #   class ApplicationController < ActionController::Base
    #     rescue_from CanCan::Unauthorized do |exception|
    #       redirect_to root_url, :alert => exception.message
    #     end
    #   end
    #
    # See the CanCan::Unauthorized exception for more details on working with the exception.
    #
    # See the load_and_authorize_resource method to automatically add the authorize! behavior
    # to the default RESTful actions.
    def authorize!(*args)
      @_authorized = true
      current_ability.authorize!(*args)
    end

    # Creates and returns the current user's ability and caches it. If you
    # want to override how the Ability is defined then this is the place.
    # Just define the method in the controller to change behavior.
    #
    #   def current_ability
    #     # instead of Ability.new(current_user)
    #     @current_ability ||= UserAbility.new(current_account)
    #   end
    #
    # Notice it is important to cache the ability object so it is not
    # recreated every time.
    def current_ability
      @current_ability ||= ::Ability.new(current_user)
    end

    # Use in the controller or view to check the user's permission for a given action
    # and object.
    #
    #   can? :destroy, @project
    #
    # You can also pass the class instead of an instance (if you don't have one handy).
    #
    #   <% if can? :create, Project %>
    #     <%= link_to "New Project", new_project_path %>
    #   <% end %>
    #
    # If it's a nested resource, you can pass the parent instance in a hash. This way it will
    # check conditions which reach through that association.
    #
    #   <% if can? :create, @category => Project %>
    #     <%= link_to "New Project", new_project_path %>
    #   <% end %>
    #
    # This simply calls "can?" on the current_ability. See Ability#can?.
    def can?(*args)
      current_ability.can?(*args)
    end

    # Convenience method which works the same as "can?" but returns the opposite value.
    #
    #   cannot? :destroy, @project
    #
    def cannot?(*args)
      current_ability.cannot?(*args)
    end
  end
end

if defined? ActionController::Base
  ActionController::Base.class_eval do
    include CanCan::ControllerAdditions
  end
end
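The comments on authorize_resource and enable_authorization above describe a check of the form `authorize!(action, @article || Article)`, and an after_filter that raises InsufficientAuthorizationCheck when only a class-level check ran against a rule that carries conditions. The following is an added, self-contained illustration of that gap; it is not CanCan's code, and MiniAbility, Project, build_ability and run_action are constructed stand-ins that model only the semantics the comments describe (conditions hash, class vs. instance subject, sufficiency check).

```ruby
# Added example (not CanCan's code): a minimal stand-in for the Ability semantics
# described in the comments, showing why enable_authorization's after_filter exists.
# Unauthorized, InsufficientAuthorizationCheck, MiniAbility, Project, build_ability
# and run_action are all constructed for this example.

class Unauthorized < StandardError; end
class InsufficientAuthorizationCheck < StandardError; end

class MiniAbility
  Rule = Struct.new(:action, :subject_class, :conditions)

  def initialize
    @rules = []
    @instance_checks = [] # [action, class] pairs that were verified on a real instance
  end

  # can :update, Project, :user_id => 1  ->  a rule with a conditions hash
  def can(action, subject_class, conditions = {})
    @rules << Rule.new(action, subject_class, conditions)
  end

  # A Class subject passes if any rule *could* apply; conditions are not evaluated.
  # An instance subject passes only if some rule's conditions all match its attributes.
  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    @rules.any? do |rule|
      next false unless rule.action == action && rule.subject_class == klass
      next true if subject.is_a?(Class)
      rule.conditions.all? { |attr, value| subject.public_send(attr) == value }
    end
  end

  def authorize!(action, subject)
    raise Unauthorized, "Not authorized to #{action} #{subject.inspect}" unless can?(action, subject)
    @instance_checks << [action, subject.class] unless subject.is_a?(Class)
    true
  end

  # A class-level check is sufficient only when no matching rule carries conditions;
  # otherwise an instance-level authorize! must have happened during the action.
  def fully_authorized?(action, subject_class)
    return true if @instance_checks.include?([action, subject_class])
    @rules.none? do |r|
      r.action == action && r.subject_class == subject_class && !r.conditions.empty?
    end
  end
end

# Constructed sample model: a project owned by one user.
Project = Struct.new(:user_id, :name)

# Rules for a sample user: anyone may read projects, but only update their own.
def build_ability(user_id)
  ability = MiniAbility.new
  ability.can(:read, Project)
  ability.can(:update, Project, :user_id => user_id)
  ability
end

# Models the before_filter (authorize!) plus the after_filter sufficiency check that
# enable_authorization installs. subject is a Project instance or the Project class,
# mirroring "authorize!(params[:action].to_sym, @article || Article)".
def run_action(ability, action, subject)
  ability.authorize!(action, subject)
  klass = subject.is_a?(Class) ? subject : subject.class
  unless ability.fully_authorized?(action, klass)
    raise InsufficientAuthorizationCheck,
          "#{action} #{klass} was only checked at the class level but the rule has conditions"
  end
  :ok
end

if __FILE__ == $PROGRAM_NAME
  [[:update, Project.new(1, "mine")],   # ok: instance satisfies the owner condition
   [:update, Project.new(2, "theirs")], # Unauthorized: condition fails on the instance
   [:update, Project],                  # InsufficientAuthorizationCheck: class check only
   [:read, Project]].each do |action, subject| # ok: the read rule has no conditions
    begin
      puts "#{action} #{subject.inspect}: #{run_action(build_ability(1), action, subject)}"
    rescue Unauthorized, InsufficientAuthorizationCheck => e
      puts "#{action} #{subject.inspect}: #{e.class} (#{e.message})"
    end
  end
end
```

The third case is the one the after_filter's error message describes: the class-level check passes for everyone, so without an instance-level authorize! (for example via load_and_authorize_resource) the owner condition is never enforced.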