100644 390 lines (372 sloc) 16.379 kb
44b36ce @ryanb adding controller additions with basic behavior.
authored
1 module CanCan
dfd84a1 @ryanb improving inline documentation
authored
2
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
3 # This module is automatically included into all controllers.
4 # It also makes the "can?" and "cannot?" methods available to all views.
44b36ce @ryanb adding controller additions with basic behavior.
authored
5 module ControllerAdditions
a5f9882 @ryanb turning load and authorize resource methods into class methods which set...
authored
6 module ClassMethods
ffa677b @ryanb Don't set resource instance variable if it has been set already - closes...
authored
7 # Sets up a before filter which loads and authorizes the current resource. This performs both
8 # load_resource and authorize_resource and accepts the same arguments. See those methods for details.
dfd84a1 @ryanb improving inline documentation
authored
9 #
a5f9882 @ryanb turning load and authorize resource methods into class methods which set...
authored
10 # class BooksController < ApplicationController
11 # load_and_authorize_resource
12 # end
dfd84a1 @ryanb improving inline documentation
authored
13 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving ResourceAut...
authored
14 def load_and_authorize_resource(*args)
4eee637 @ryanb adding support for loading through Inherited Resources - closes #23
authored
15 cancan_resource_class.add_before_filter(self, :load_and_authorize_resource, *args)
a5f9882 @ryanb turning load and authorize resource methods into class methods which set...
authored
16 end
dfd84a1 @ryanb improving inline documentation
authored
17
25a1c55 @ryanb adding :through option to replace :nesting option and moving ResourceAut...
authored
18 # Sets up a before filter which loads the model resource into an instance variable.
a5f9882 @ryanb turning load and authorize resource methods into class methods which set...
authored
19 # For example, given an ArticlesController it will load the current article into the @article
20 # instance variable. It does this by either calling Article.find(params[:id]) or
6c3e87e @ryanb updating readme and documentation
authored
21 # Article.new(params[:article]) depending upon the action. The index action will
22 # automatically set @articles to Article.accessible_by(current_ability).
dfd84a1 @ryanb improving inline documentation
authored
23 #
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored
24 # If a conditions hash is used in the Ability, the +new+ and +create+ actions will set
25 # the initial attributes based on these conditions. This way these actions will satisfy
26 # the ability restrictions.
27 #
ffa677b @ryanb Don't set resource instance variable if it has been set already - closes...
authored
28 # Call this method directly on the controller class.
dfd84a1 @ryanb improving inline documentation
authored
29 #
a5f9882 @ryanb turning load and authorize resource methods into class methods which set...
authored
30 # class BooksController < ApplicationController
31 # load_resource
32 # end
dfd84a1 @ryanb improving inline documentation
authored
33 #
ffa677b @ryanb Don't set resource instance variable if it has been set already - closes...
authored
34 # A resource is not loaded if the instance variable is already set. This makes it easy to override
35 # the behavior through a before_filter on certain actions.
dfd84a1 @ryanb improving inline documentation
authored
36 #
ffa677b @ryanb Don't set resource instance variable if it has been set already - closes...
authored
37 # class BooksController < ApplicationController
38 # before_filter :find_book_by_permalink, :only => :show
39 # load_resource
40 #
41 # private
42 #
43 # def find_book_by_permalink
44 # @book = Book.find_by_permalink!(params[:id])
45 # end
46 # end
dfd84a1 @ryanb improving inline documentation
authored
47 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving ResourceAut...
authored
48 # If a name is provided which does not match the controller it assumes it is a parent resource. Child
49 # resources can then be loaded through it.
50 #
51 # class BooksController < ApplicationController
52 # load_resource :author
53 # load_resource :book, :through => :author
54 # end
55 #
56 # Here the author resource will be loaded before each action using params[:author_id]. The book resource
57 # will then be loaded through the @author instance variable.
58 #
59 # That first argument is optional and will default to the singular name of the controller.
60 # A hash of options (see below) can also be passed to this method to further customize it.
61 #
a5f9882 @ryanb turning load and authorize resource methods into class methods which set...
authored
62 # See load_and_authorize_resource to automatically authorize the resource too.
dfd84a1 @ryanb improving inline documentation
authored
63 #
63634b4 @ryanb Adding :collection and :new options to load_resource method so we can sp...
authored
64 # Options:
94e031b @ryanb Pass :only and :except options to before filters for load/authorize reso...
authored
65 # [:+only+]
66 # Only applies before filter to given actions.
dfd84a1 @ryanb improving inline documentation
authored
67 #
94e031b @ryanb Pass :only and :except options to before filters for load/authorize reso...
authored
68 # [:+except+]
69 # Does not apply before filter to given actions.
dfd84a1 @ryanb improving inline documentation
authored
70 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving ResourceAut...
authored
71 # [:+through+]
c11ffb6 @ryanb support loading resource :through method along with instance variable - ...
authored
72 # Load this resource through another one. This should match the name of the parent instance variable or method.
2a3dd85 @ryanb adding :name option to load_and_authorize_resource if it does not match ...
authored
73 #
92995d7 @ryanb adding :through_association option to load_resource (thanks hunterae) - ...
authored
74 # [:+through_association+]
75 # The name of the association to fetch the child records through the parent resource. This is normally not needed
76 # because it defaults to the pluralized resource name.
77 #
264e2d2 @ryanb raise AccessDenied error when loading child while parent is nil, pass :s...
authored
78 # [:+shallow+]
79 # Pass +true+ to allow this resource to be loaded directly when parent is +nil+. Defaults to +false+.
80 #
c9e0f4e @ryanb renaming :singular resource option to :singleton
authored
81 # [:+singleton+]
82 # Pass +true+ if this is a singleton resource through a +has_one+ association.
84f4c90 @ryanb adding :singular option to support has_one associations in load/authoriz...
authored
83 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving ResourceAut...
authored
84 # [:+parent+]
85 # True or false depending on if the resource is considered a parent resource. This defaults to +true+ if a resource
86 # name is given which does not match the controller.
2a3dd85 @ryanb adding :name option to load_and_authorize_resource if it does not match ...
authored
87 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving ResourceAut...
authored
88 # [:+class+]
23a5888 @ryanb renaming :class option to :resource for load_and_authorize_resource whic...
authored
89 # The class to use for the model (string or constant).
dfd84a1 @ryanb improving inline documentation
authored
90 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving ResourceAut...
authored
91 # [:+instance_name+]
92 # The name of the instance variable to load the resource into.
93 #
236cece @ryanb adding :find_by option to load_resource - closes #19
authored
94 # [:+find_by+]
95 # Find using an attribute other than id. For example:
96 #
97 # load_resource :find_by => :permalink # will use find_by_permalink!(params[:id])
98 #
63634b4 @ryanb Adding :collection and :new options to load_resource method so we can sp...
authored
99 # [:+collection+]
100 # Specify which actions are resource collection actions in addition to :+index+. This
25a1c55 @ryanb adding :through option to replace :nesting option and moving ResourceAut...
authored
101 # is usually not necessary because it will try to guess depending on if the id param is present.
dfd84a1 @ryanb improving inline documentation
authored
102 #
63634b4 @ryanb Adding :collection and :new options to load_resource method so we can sp...
authored
103 # load_resource :collection => [:sort, :list]
dfd84a1 @ryanb improving inline documentation
authored
104 #
63634b4 @ryanb Adding :collection and :new options to load_resource method so we can sp...
authored
105 # [:+new+]
106 # Specify which actions are new resource actions in addition to :+new+ and :+create+.
107 # Pass an action name into here if you would like to build a new resource instead of
108 # fetch one.
dfd84a1 @ryanb improving inline documentation
authored
109 #
63634b4 @ryanb Adding :collection and :new options to load_resource method so we can sp...
authored
110 # load_resource :new => :build
dfd84a1 @ryanb improving inline documentation
authored
111 #
951d70e @ryanb adding :prepend option to load_and_authorize_resource - closes #290
authored
112 # [:+prepend+]
113 # Passing +true+ will use prepend_before_filter instead of a normal before_filter.
114 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving ResourceAut...
authored
115 def load_resource(*args)
7ee942c @ryanb adding enable_authorization method and deprecating some other controller...
authored
116 raise ImplementationRemoved, "The load_resource method has been removed, use load_and_authorize_resource instead."
4eee637 @ryanb adding support for loading through Inherited Resources - closes #23
authored
117 cancan_resource_class.add_before_filter(self, :load_resource, *args)
a5f9882 @ryanb turning load and authorize resource methods into class methods which set...
authored
118 end
dfd84a1 @ryanb improving inline documentation
authored
119
25a1c55 @ryanb adding :through option to replace :nesting option and moving ResourceAut...
authored
120 # Sets up a before filter which authorizes the resource using the instance variable.
a5f9882 @ryanb turning load and authorize resource methods into class methods which set...
authored
121 # For example, if you have an ArticlesController it will check the @article instance variable
122 # and ensure the user can perform the current action on it. Under the hood it is doing
123 # something like the following.
dfd84a1 @ryanb improving inline documentation
authored
124 #
8903fee @ryanb removing unauthorized! in favor of authorize! and including more informa...
authored
125 # authorize!(params[:action].to_sym, @article || Article)
dfd84a1 @ryanb improving inline documentation
authored
126 #
ffa677b @ryanb Don't set resource instance variable if it has been set already - closes...
authored
127 # Call this method directly on the controller class.
dfd84a1 @ryanb improving inline documentation
authored
128 #
a5f9882 @ryanb turning load and authorize resource methods into class methods which set...
authored
129 # class BooksController < ApplicationController
130 # authorize_resource
131 # end
dfd84a1 @ryanb improving inline documentation
authored
132 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving ResourceAut...
authored
133 # If you pass in the name of a resource which does not match the controller it will assume
134 # it is a parent resource.
135 #
136 # class BooksController < ApplicationController
137 # authorize_resource :author
138 # authorize_resource :book
139 # end
140 #
141 # Here it will authorize :+show+, @+author+ on every action before authorizing the book.
142 #
143 # That first argument is optional and will default to the singular name of the controller.
144 # A hash of options (see below) can also be passed to this method to further customize it.
145 #
a5f9882 @ryanb turning load and authorize resource methods into class methods which set...
authored
146 # See load_and_authorize_resource to automatically load the resource too.
dfd84a1 @ryanb improving inline documentation
authored
147 #
94e031b @ryanb Pass :only and :except options to before filters for load/authorize reso...
authored
148 # Options:
149 # [:+only+]
150 # Only applies before filter to given actions.
dfd84a1 @ryanb improving inline documentation
authored
151 #
94e031b @ryanb Pass :only and :except options to before filters for load/authorize reso...
authored
152 # [:+except+]
153 # Does not apply before filter to given actions.
dfd84a1 @ryanb improving inline documentation
authored
154 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving ResourceAut...
authored
155 # [:+parent+]
156 # True or false depending on if the resource is considered a parent resource. This defaults to +true+ if a resource
157 # name is given which does not match the controller.
158 #
159 # [:+class+]
160 # The class to use for the model (string or constant). This is passed in when the instance variable is not set.
161 # Pass +false+ if there is no associated class for this resource and it will use a symbol of the resource name.
2a3dd85 @ryanb adding :name option to load_and_authorize_resource if it does not match ...
authored
162 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving ResourceAut...
authored
163 # [:+instance_name+]
164 # The name of the instance variable for this resource.
2a3dd85 @ryanb adding :name option to load_and_authorize_resource if it does not match ...
authored
165 #
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored
166 # [:+through+]
167 # Authorize conditions on this parent resource when instance isn't available.
168 #
951d70e @ryanb adding :prepend option to load_and_authorize_resource - closes #290
authored
169 # [:+prepend+]
170 # Passing +true+ will use prepend_before_filter instead of a normal before_filter.
171 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving ResourceAut...
authored
172 def authorize_resource(*args)
7ee942c @ryanb adding enable_authorization method and deprecating some other controller...
authored
173 raise ImplementationRemoved, "The authorize_resource method has been removed, use load_and_authorize_resource instead."
4eee637 @ryanb adding support for loading through Inherited Resources - closes #23
authored
174 cancan_resource_class.add_before_filter(self, :authorize_resource, *args)
a5f9882 @ryanb turning load and authorize resource methods into class methods which set...
authored
175 end
1af6c6f @ryanb adding check_authorization and skip_authorization controller class metho...
authored
176
5732711 @ryanb adding skip load and authorize behavior - closes #164
authored
177 # Skip both the loading and authorization behavior of CanCan for this given controller. This is primarily
178 # useful to skip the behavior of a superclass. You can pass :only and :except options to specify which actions
179 # to skip the effects on. It will apply to all actions by default.
180 #
181 # class ProjectsController < SomeOtherController
182 # skip_load_and_authorize_resource :only => :index
183 # end
184 #
185 # You can also pass the resource name as the first argument to skip that resource.
186 def skip_load_and_authorize_resource(*args)
187 skip_load_resource(*args)
188 skip_authorize_resource(*args)
189 end
190
191 # Skip the loading behavior of CanCan. This is useful when you use +load_and_authorize_resource+ but want to
192 # only do authorization on certain actions. You can pass :only and :except options to specify which actions to
193 # skip the effects on. It will apply to all actions by default.
194 #
195 # class ProjectsController < ApplicationController
196 # load_and_authorize_resource
197 # skip_load_resource :only => :index
198 # end
199 #
200 # You can also pass the resource name as the first argument to skip that resource.
201 def skip_load_resource(*args)
7ee942c @ryanb adding enable_authorization method and deprecating some other controller...
authored
202 raise ImplementationRemoved, "The skip_load_resource method has been removed, use skip_load_and_authorize_resource instead."
5732711 @ryanb adding skip load and authorize behavior - closes #164
authored
203 options = args.extract_options!
204 name = args.first
205 cancan_skipper[:load][name] = options
206 end
207
208 # Skip the authorization behavior of CanCan. This is useful when you use +load_and_authorize_resource+ but want to
209 # only do loading on certain actions. You can pass :only and :except options to specify which actions to
210 # skip the effects on. It will apply to all actions by default.
211 #
212 # class ProjectsController < ApplicationController
213 # load_and_authorize_resource
214 # skip_authorize_resource :only => :index
215 # end
216 #
217 # You can also pass the resource name as the first argument to skip that resource.
218 def skip_authorize_resource(*args)
7ee942c @ryanb adding enable_authorization method and deprecating some other controller...
authored
219 raise ImplementationRemoved, "The skip_authorize_resource method has been removed, use skip_load_and_authorize_resource instead."
5732711 @ryanb adding skip load and authorize behavior - closes #164
authored
220 options = args.extract_options!
221 name = args.first
222 cancan_skipper[:authorize][name] = options
223 end
224
7ee942c @ryanb adding enable_authorization method and deprecating some other controller...
authored
225 # Add this to a controller to automatically perform authorization on every action.
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored
226 #
227 # class ApplicationController < ActionController::Base
7ee942c @ryanb adding enable_authorization method and deprecating some other controller...
authored
228 # enable_authorization
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored
229 # end
230 #
7ee942c @ryanb adding enable_authorization method and deprecating some other controller...
authored
231 # Internally it does this in a before_filter for every action.
232 #
233 # authorize! params[:action], params[:controller]
234 #
235 # If you need to "skip" authorization in a given controller, it is best to enable :+access+ to it in the +Ability+.
80f1ab2 @ryanb adding :if and :unless options to check_authorization - closes #284
authored
236 #
237 # Options:
238 # [:+only+]
239 # Only applies to given actions.
240 #
241 # [:+except+]
242 # Does not apply to given actions.
243 #
244 # [:+if+]
7ee942c @ryanb adding enable_authorization method and deprecating some other controller...
authored
245 # Supply the name of a controller method to be called. The authorization only takes place if this returns true.
80f1ab2 @ryanb adding :if and :unless options to check_authorization - closes #284
authored
246 #
7ee942c @ryanb adding enable_authorization method and deprecating some other controller...
authored
247 # enable_authorization :if => :admin_controller?
80f1ab2 @ryanb adding :if and :unless options to check_authorization - closes #284
authored
248 #
249 # [:+unless+]
7ee942c @ryanb adding enable_authorization method and deprecating some other controller...
authored
250 # Supply the name of a controller method to be called. The authorization only takes place if this returns false.
80f1ab2 @ryanb adding :if and :unless options to check_authorization - closes #284
authored
251 #
7ee942c @ryanb adding enable_authorization method and deprecating some other controller...
authored
252 # enable_authorization :unless => :devise_controller?
80f1ab2 @ryanb adding :if and :unless options to check_authorization - closes #284
authored
253 #
35fbee5 @ryanb passing block to enable_authorization will be executed when CanCan::Unau...
authored
254 def enable_authorization(options = {}, &block)
255 before_filter(options.slice(:only, :except)) do |controller|
346ca2c @ryanb check authorization is sufficient in an after_filter when doing enable_a...
authored
256 break if options[:if] && !controller.send(options[:if])
257 break if options[:unless] && controller.send(options[:unless])
258 controller.authorize! controller.params[:action], controller.params[:controller]
259 end
35fbee5 @ryanb passing block to enable_authorization will be executed when CanCan::Unau...
authored
260 after_filter(options.slice(:only, :except)) do |controller|
346ca2c @ryanb check authorization is sufficient in an after_filter when doing enable_a...
authored
261 break if options[:if] && !controller.send(options[:if])
262 break if options[:unless] && controller.send(options[:unless])
263 unless controller.current_ability.fully_authorized? controller.params[:action], controller.params[:controller]
264 raise CanCan::InsufficientAuthorizationCheck, "Authorization check is not sufficient for this action. This is probably because you have a conditions or attributes defined in Ability and are not checking for them in the action."
265 end
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored
266 end
35fbee5 @ryanb passing block to enable_authorization will be executed when CanCan::Unau...
authored
267 rescue_from(CanCan::Unauthorized, &block) if block
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored
268 end
4eee637 @ryanb adding support for loading through Inherited Resources - closes #23
authored
269
270 def cancan_resource_class
271 if ancestors.map(&:to_s).include? "InheritedResources::Actions"
272 InheritedResource
273 else
274 ControllerResource
275 end
276 end
5732711 @ryanb adding skip load and authorize behavior - closes #164
authored
277
7ee942c @ryanb adding enable_authorization method and deprecating some other controller...
authored
278 def check_authorization(options = {})
279 raise ImplementationRemoved, "The check_authorization method has been removed, use enable_authorization instead."
280 end
281
282 def skip_authorization_check(*args)
283 raise ImplementationRemoved, "The skip_authorization_check method has been removed, instead authorize access to controller in Ability to 'skip'."
284 end
285
5732711 @ryanb adding skip load and authorize behavior - closes #164
authored
286 def cancan_skipper
7ee942c @ryanb adding enable_authorization method and deprecating some other controller...
authored
287 raise ImplementationRemoved, "The skip_authorization_check method has been removed, instead authorize access to controller in Ability to 'skip'."
5732711 @ryanb adding skip load and authorize behavior - closes #164
authored
288 end
a5f9882 @ryanb turning load and authorize resource methods into class methods which set...
authored
289 end
dfd84a1 @ryanb improving inline documentation
authored
290
44b36ce @ryanb adding controller additions with basic behavior.
authored
291 def self.included(base)
a5f9882 @ryanb turning load and authorize resource methods into class methods which set...
authored
292 base.extend ClassMethods
0f49b54 @ryanb adding 'cannot?' method which performs opposite check of 'can?' - closes...
authored
293 base.helper_method :can?, :cannot?
44b36ce @ryanb adding controller additions with basic behavior.
authored
294 end
dfd84a1 @ryanb improving inline documentation
authored
295
cf2896f @ryanb renaming AccessDenied exception to Unauthorized
authored
296 # Raises a CanCan::Unauthorized exception if the current_ability cannot
8903fee @ryanb removing unauthorized! in favor of authorize! and including more informa...
authored
297 # perform the given action. This is usually called in a controller action or
298 # before filter to perform the authorization.
dfd84a1 @ryanb improving inline documentation
authored
299 #
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
300 # def show
301 # @article = Article.find(params[:id])
8903fee @ryanb removing unauthorized! in favor of authorize! and including more informa...
authored
302 # authorize! :read, @article
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
303 # end
dfd84a1 @ryanb improving inline documentation
authored
304 #
8903fee @ryanb removing unauthorized! in favor of authorize! and including more informa...
authored
305 # A :message option can be passed to specify a different message.
dfd84a1 @ryanb improving inline documentation
authored
306 #
8903fee @ryanb removing unauthorized! in favor of authorize! and including more informa...
authored
307 # authorize! :read, @article, :message => "Not authorized to read #{@article.name}"
dfd84a1 @ryanb improving inline documentation
authored
308 #
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored
309 # You can also use I18n to customize the message. Action aliases defined in Ability work here.
310 #
311 # en:
312 # unauthorized:
313 # manage:
6c3e87e @ryanb updating readme and documentation
authored
314 # all: "Not authorized to %{action} %{subject}."
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored
315 # user: "Not allowed to manage other user accounts."
316 # update:
317 # project: "Not allowed to update this project."
318 #
8903fee @ryanb removing unauthorized! in favor of authorize! and including more informa...
authored
319 # You can rescue from the exception in the controller to customize how unauthorized
320 # access is displayed to the user.
dfd84a1 @ryanb improving inline documentation
authored
321 #
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
322 # class ApplicationController < ActionController::Base
cf2896f @ryanb renaming AccessDenied exception to Unauthorized
authored
323 # rescue_from CanCan::Unauthorized do |exception|
b2028c8 @ryanb moving :alert into redirect_to call in documentation
authored
324 # redirect_to root_url, :alert => exception.message
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
325 # end
326 # end
dfd84a1 @ryanb improving inline documentation
authored
327 #
cf2896f @ryanb renaming AccessDenied exception to Unauthorized
authored
328 # See the CanCan::Unauthorized exception for more details on working with the exception.
dfd84a1 @ryanb improving inline documentation
authored
329 #
8903fee @ryanb removing unauthorized! in favor of authorize! and including more informa...
authored
330 # See the load_and_authorize_resource method to automatically add the authorize! behavior
331 # to the default RESTful actions.
a5f838a @ryanb use I18n for unauthorization messages - closes #103
authored
332 def authorize!(*args)
1af6c6f @ryanb adding check_authorization and skip_authorization controller class metho...
authored
333 @_authorized = true
a5f838a @ryanb use I18n for unauthorization messages - closes #103
authored
334 current_ability.authorize!(*args)
8903fee @ryanb removing unauthorized! in favor of authorize! and including more informa...
authored
335 end
dfd84a1 @ryanb improving inline documentation
authored
336
ef5900c @ryanb adding caching to current_ability class method, if you're overriding thi...
authored
337 # Creates and returns the current user's ability and caches it. If you
338 # want to override how the Ability is defined then this is the place.
339 # Just define the method in the controller to change behavior.
dfd84a1 @ryanb improving inline documentation
authored
340 #
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
341 # def current_ability
ef5900c @ryanb adding caching to current_ability class method, if you're overriding thi...
authored
342 # # instead of Ability.new(current_user)
343 # @current_ability ||= UserAbility.new(current_account)
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
344 # end
dfd84a1 @ryanb improving inline documentation
authored
345 #
ef5900c @ryanb adding caching to current_ability class method, if you're overriding thi...
authored
346 # Notice it is important to cache the ability object so it is not
347 # recreated every time.
44b36ce @ryanb adding controller additions with basic behavior.
authored
348 def current_ability
ef5900c @ryanb adding caching to current_ability class method, if you're overriding thi...
authored
349 @current_ability ||= ::Ability.new(current_user)
baeef0b @ryanb adding conditions behavior to Ability#can and fetch with Ability#conditi...
authored
350 end
dfd84a1 @ryanb improving inline documentation
authored
351
5bd1a85 @ryanb little fixes to inline documentation (rdocs)
authored
352 # Use in the controller or view to check the user's permission for a given action
353 # and object.
dfd84a1 @ryanb improving inline documentation
authored
354 #
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
355 # can? :destroy, @project
dfd84a1 @ryanb improving inline documentation
authored
356 #
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
357 # You can also pass the class instead of an instance (if you don't have one handy).
dfd84a1 @ryanb improving inline documentation
authored
358 #
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
359 # <% if can? :create, Project %>
360 # <%= link_to "New Project", new_project_path %>
361 # <% end %>
dfd84a1 @ryanb improving inline documentation
authored
362 #
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored
363 # If it's a nested resource, you can pass the parent instance in a hash. This way it will
364 # check conditions which reach through that association.
365 #
366 # <% if can? :create, @category => Project %>
367 # <%= link_to "New Project", new_project_path %>
368 # <% end %>
369 #
5bd1a85 @ryanb little fixes to inline documentation (rdocs)
authored
370 # This simply calls "can?" on the current_ability. See Ability#can?.
44b36ce @ryanb adding controller additions with basic behavior.
authored
371 def can?(*args)
ef5900c @ryanb adding caching to current_ability class method, if you're overriding thi...
authored
372 current_ability.can?(*args)
44b36ce @ryanb adding controller additions with basic behavior.
authored
373 end
dfd84a1 @ryanb improving inline documentation
authored
374
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
375 # Convenience method which works the same as "can?" but returns the opposite value.
dfd84a1 @ryanb improving inline documentation
authored
376 #
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
377 # cannot? :destroy, @project
dfd84a1 @ryanb improving inline documentation
authored
378 #
0f49b54 @ryanb adding 'cannot?' method which performs opposite check of 'can?' - closes...
authored
379 def cannot?(*args)
ef5900c @ryanb adding caching to current_ability class method, if you're overriding thi...
authored
380 current_ability.cannot?(*args)
0f49b54 @ryanb adding 'cannot?' method which performs opposite check of 'can?' - closes...
authored
381 end
44b36ce @ryanb adding controller additions with basic behavior.
authored
382 end
383 end
384
aaed265 @ryanb turning into a functioning Rails plugin
authored
385 if defined? ActionController
386 ActionController::Base.class_eval do
387 include CanCan::ControllerAdditions
388 end
1edf583 @ryanb BACKWARDS INCOMPATIBLE: use Ability#initialize instead of 'prepare' to s...
authored
389 end
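
The before_filter / after_filter pair that enable_authorization sets up (lines 254-268 above) can be modelled without Rails. The following is an added example, not CanCan's code: ToyAuthz, its Ability class, dispatch and outcome are hypothetical names, the records are constructed sample data, and the rule semantics are a simplified assumption of how a conditions hash is checked.

```ruby
# Toy model of a two-stage authorization check: a coarse check on
# action/controller before the action runs, then a check afterwards that any
# rule with conditions was actually evaluated against a record.
module ToyAuthz
  class Unauthorized < StandardError; end
  class InsufficientAuthorizationCheck < StandardError; end

  Rule = Struct.new(:action, :subject, :conditions)

  class Ability
    def initialize
      @rules = []
      @record_checked = {} # [action, subject] => true once conditions were evaluated
    end

    def can(action, subject, conditions = {})
      @rules << Rule.new(action, subject, conditions)
    end

    # Without a record this is only the coarse check: "does any rule exist?".
    # With a record, every condition of at least one rule must match it.
    def authorize!(action, subject, record = nil)
      rules = rules_for(action, subject)
      raise Unauthorized, "#{action} #{subject}: no rule" if rules.empty?
      return true if record.nil?
      allowed = rules.any? { |r| r.conditions.all? { |k, v| record[k] == v } }
      raise Unauthorized, "#{action} #{subject}: conditions not met" unless allowed
      @record_checked[[action, subject]] = true
    end

    # True when the coarse check was enough (an unconditional rule exists)
    # or when a record-level check has been made for this action/subject.
    def fully_authorized?(action, subject)
      rules = rules_for(action, subject)
      return false if rules.empty?
      rules.any? { |r| r.conditions.empty? } || @record_checked.key?([action, subject])
    end

    private

    def rules_for(action, subject)
      @rules.select { |r| r.action == action && r.subject == subject }
    end
  end

  # Stands in for the filter chain: before check, action body, after check.
  def self.dispatch(ability, action, controller)
    ability.authorize!(action, controller)
    result = yield ability
    unless ability.fully_authorized?(action, controller)
      raise InsufficientAuthorizationCheck, "#{controller}##{action} never checked rule conditions"
    end
    result
  end

  # Constructed sample data: two project records and the ability of user 7.
  PROJECTS = { 1 => { :id => 1, :owner_id => 7 }, 2 => { :id => 2, :owner_id => 8 } }

  def self.ability_for_user_7
    ability = Ability.new
    ability.can :index, :projects
    ability.can :show, :projects, :owner_id => 7
    ability
  end

  # Runs one request; check_record = false simulates an action body that
  # loads the record but forgets to authorize against it.
  def self.outcome(action, id = nil, check_record = true)
    dispatch(ability_for_user_7, action, :projects) do |ability|
      record = PROJECTS[id]
      ability.authorize!(action, :projects, record) if record && check_record
      record ? record[:id] : :list
    end
  rescue Unauthorized, InsufficientAuthorizationCheck => e
    e.class.name.split("::").last.to_sym
  end
end

[[:index], [:show, 1], [:show, 2], [:show, 2, false], [:destroy, 1]].each do |args|
  puts "#{args.inspect} => #{ToyAuthz.outcome(*args).inspect}"
end
```

The fourth case is the one the after filter exists for: the coarse check passes because a :show rule exists, and only the second check notices that the owner condition was never evaluated against record 2. As with any after filter, it runs once the action body has finished, so it reports the missing check rather than undoing what the action already did.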