100644 390 lines (371 sloc) 15.5 KB
44b36ce @ryanb adding controller additions with basic behavior.
authored Nov 16, 2009
1 module CanCan
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
2
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored Nov 17, 2009
3 # This module is automatically included into all controllers.
4 # It also makes the "can?" and "cannot?" methods available to all views.
44b36ce @ryanb adding controller additions with basic behavior.
authored Nov 17, 2009
5 module ControllerAdditions
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored Dec 13, 2009
6 module ClassMethods
ffa677b @ryanb Don't set resource instance variable if it has been set already - clo…
authored Dec 13, 2009
7 # Sets up a before filter which loads and authorizes the current resource. This performs both
8 # load_resource and authorize_resource and accepts the same arguments. See those methods for details.
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
9 #
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored Dec 13, 2009
10 # class BooksController < ApplicationController
11 # load_and_authorize_resource
12 # end
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
13 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored Aug 5, 2010
14 def load_and_authorize_resource(*args)
4eee637 @ryanb adding support for loading through Inherited Resources - closes #23
authored Sep 9, 2010
15 cancan_resource_class.add_before_filter(self, :load_and_authorize_resource, *args)
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored Dec 13, 2009
16 end
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
17
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored Aug 5, 2010
18 # Sets up a before filter which loads the model resource into an instance variable.
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored Dec 13, 2009
19 # For example, given an ArticlesController it will load the current article into the @article
20 # instance variable. It does this by either calling Article.find(params[:id]) or
6c3e87e @ryanb updating readme and documentation
authored Oct 5, 2010
21 # Article.new(params[:article]) depending upon the action. The index action will
22 # automatically set @articles to Article.accessible_by(current_ability).
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
23 #
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored Sep 3, 2010
24 # If a conditions hash is used in the Ability, the +new+ and +create+ actions will set
25 # the initial attributes based on these conditions. This way these actions will satisfy
26 # the ability restrictions.
27 #
ffa677b @ryanb Don't set resource instance variable if it has been set already - clo…
authored Dec 13, 2009
28 # Call this method directly on the controller class.
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
29 #
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored Dec 13, 2009
30 # class BooksController < ApplicationController
31 # load_resource
32 # end
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
33 #
ffa677b @ryanb Don't set resource instance variable if it has been set already - clo…
authored Dec 13, 2009
34 # A resource is not loaded if the instance variable is already set. This makes it easy to override
35 # the behavior through a before_filter on certain actions.
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
36 #
ffa677b @ryanb Don't set resource instance variable if it has been set already - clo…
authored Dec 13, 2009
37 # class BooksController < ApplicationController
38 # before_filter :find_book_by_permalink, :only => :show
39 # load_resource
40 #
41 # private
42 #
43 # def find_book_by_permalink
44 # @book = Book.find_by_permalink!(params[:id])
45 # end
46 # end
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
47 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored Aug 5, 2010
48 # If a name is provided which does not match the controller it assumes it is a parent resource. Child
49 # resources can then be loaded through it.
50 #
51 # class BooksController < ApplicationController
52 # load_resource :author
53 # load_resource :book, :through => :author
54 # end
55 #
56 # Here the author resource will be loaded before each action using params[:author_id]. The book resource
57 # will then be loaded through the @author instance variable.
58 #
59 # That first argument is optional and will default to the singular name of the controller.
60 # A hash of options (see below) can also be passed to this method to further customize it.
61 #
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored Dec 13, 2009
62 # See load_and_authorize_resource to automatically authorize the resource too.
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
63 #
63634b4 @ryanb Adding :collection and :new options to load_resource method so we can…
authored Dec 13, 2009
64 # Options:
94e031b @ryanb Pass :only and :except options to before filters for load/authorize r…
authored Dec 13, 2009
65 # [:+only+]
66 # Only applies before filter to given actions.
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
67 #
94e031b @ryanb Pass :only and :except options to before filters for load/authorize r…
authored Dec 13, 2009
68 # [:+except+]
69 # Does not apply before filter to given actions.
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
70 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored Aug 5, 2010
71 # [:+through+]
c11ffb6 @ryanb support loading resource :through method along with instance variable…
authored Sep 21, 2010
72 # Load this resource through another one. This should match the name of the parent instance variable or method.
2a3dd85 @ryanb adding :name option to load_and_authorize_resource if it does not mat…
authored May 21, 2010
73 #
92995d7 @ryanb adding :through_association option to load_resource (thanks hunterae)…
authored Nov 12, 2010
74 # [:+through_association+]
75 # The name of the association to fetch the child records through the parent resource. This is normally not needed
76 # because it defaults to the pluralized resource name.
77 #
264e2d2 @ryanb raise AccessDenied error when loading child while parent is nil, pass…
authored Sep 21, 2010
78 # [:+shallow+]
79 # Pass +true+ to allow this resource to be loaded directly when parent is +nil+. Defaults to +false+.
80 #
c9e0f4e @ryanb renaming :singular resource option to :singleton
authored Aug 6, 2010
81 # [:+singleton+]
82 # Pass +true+ if this is a singleton resource through a +has_one+ association.
84f4c90 @ryanb adding :singular option to support has_one associations in load/autho…
authored Aug 6, 2010
83 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored Aug 5, 2010
84 # [:+parent+]
85 # True or false depending on if the resource is considered a parent resource. This defaults to +true+ if a resource
86 # name is given which does not match the controller.
2a3dd85 @ryanb adding :name option to load_and_authorize_resource if it does not mat…
authored May 21, 2010
87 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored Aug 5, 2010
88 # [:+class+]
23a5888 @ryanb renaming :class option to :resource for load_and_authorize_resource w…
authored Apr 15, 2010
89 # The class to use for the model (string or constant).
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
90 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored Aug 5, 2010
91 # [:+instance_name+]
92 # The name of the instance variable to load the resource into.
93 #
236cece @ryanb adding :find_by option to load_resource - closes #19
authored Aug 6, 2010
94 # [:+find_by+]
95 # Find using an attribute other than id. For example:
96 #
97 # load_resource :find_by => :permalink # will use find_by_permalink!(params[:id])
98 #
63634b4 @ryanb Adding :collection and :new options to load_resource method so we can…
authored Dec 13, 2009
99 # [:+collection+]
100 # Specify which actions are resource collection actions in addition to :+index+. This
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored Aug 5, 2010
101 # is usually not necessary because it will try to guess depending on if the id param is present.
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
102 #
63634b4 @ryanb Adding :collection and :new options to load_resource method so we can…
authored Dec 13, 2009
103 # load_resource :collection => [:sort, :list]
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
104 #
63634b4 @ryanb Adding :collection and :new options to load_resource method so we can…
authored Dec 13, 2009
105 # [:+new+]
106 # Specify which actions are new resource actions in addition to :+new+ and :+create+.
107 # Pass an action name into here if you would like to build a new resource instead of
108 # fetch one.
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
109 #
63634b4 @ryanb Adding :collection and :new options to load_resource method so we can…
authored Dec 13, 2009
110 # load_resource :new => :build
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
111 #
951d70e @ryanb adding :prepend option to load_and_authorize_resource - closes #290
authored Mar 8, 2011
112 # [:+prepend+]
113 # Passing +true+ will use prepend_before_filter instead of a normal before_filter.
114 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored Aug 5, 2010
115 def load_resource(*args)
4eee637 @ryanb adding support for loading through Inherited Resources - closes #23
authored Sep 9, 2010
116 cancan_resource_class.add_before_filter(self, :load_resource, *args)
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored Dec 13, 2009
117 end
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
118
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored Aug 5, 2010
119 # Sets up a before filter which authorizes the resource using the instance variable.
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored Dec 13, 2009
120 # For example, if you have an ArticlesController it will check the @article instance variable
121 # and ensure the user can perform the current action on it. Under the hood it is doing
122 # something like the following.
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
123 #
8903fee @ryanb removing unauthorized! in favor of authorize! and including more info…
authored Apr 16, 2010
124 # authorize!(params[:action].to_sym, @article || Article)
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
125 #
ffa677b @ryanb Don't set resource instance variable if it has been set already - clo…
authored Dec 13, 2009
126 # Call this method directly on the controller class.
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
127 #
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored Dec 13, 2009
128 # class BooksController < ApplicationController
129 # authorize_resource
130 # end
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
131 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored Aug 5, 2010
132 # If you pass in the name of a resource which does not match the controller it will assume
133 # it is a parent resource.
134 #
135 # class BooksController < ApplicationController
136 # authorize_resource :author
137 # authorize_resource :book
138 # end
139 #
140 # Here it will authorize :+show+, @+author+ on every action before authorizing the book.
141 #
142 # That first argument is optional and will default to the singular name of the controller.
143 # A hash of options (see below) can also be passed to this method to further customize it.
144 #
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored Dec 13, 2009
145 # See load_and_authorize_resource to automatically load the resource too.
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
146 #
94e031b @ryanb Pass :only and :except options to before filters for load/authorize r…
authored Dec 13, 2009
147 # Options:
148 # [:+only+]
149 # Only applies before filter to given actions.
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
150 #
94e031b @ryanb Pass :only and :except options to before filters for load/authorize r…
authored Dec 13, 2009
151 # [:+except+]
152 # Does not apply before filter to given actions.
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
153 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored Aug 5, 2010
154 # [:+parent+]
155 # True or false depending on if the resource is considered a parent resource. This defaults to +true+ if a resource
156 # name is given which does not match the controller.
157 #
158 # [:+class+]
159 # The class to use for the model (string or constant). This is passed in when the instance variable is not set.
160 # Pass +false+ if there is no associated class for this resource and it will use a symbol of the resource name.
2a3dd85 @ryanb adding :name option to load_and_authorize_resource if it does not mat…
authored May 21, 2010
161 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored Aug 5, 2010
162 # [:+instance_name+]
163 # The name of the instance variable for this resource.
2a3dd85 @ryanb adding :name option to load_and_authorize_resource if it does not mat…
authored May 21, 2010
164 #
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored Sep 3, 2010
165 # [:+through+]
166 # Authorize conditions on this parent resource when instance isn't available.
167 #
951d70e @ryanb adding :prepend option to load_and_authorize_resource - closes #290
authored Mar 8, 2011
168 # [:+prepend+]
169 # Passing +true+ will use prepend_before_filter instead of a normal before_filter.
170 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored Aug 5, 2010
171 def authorize_resource(*args)
4eee637 @ryanb adding support for loading through Inherited Resources - closes #23
authored Sep 9, 2010
172 cancan_resource_class.add_before_filter(self, :authorize_resource, *args)
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored Dec 13, 2009
173 end
1af6c6f @ryanb adding check_authorization and skip_authorization controller class me…
authored Sep 3, 2010
174
5732711 @ryanb adding skip load and authorize behavior - closes #164
authored Jan 8, 2011
175 # Skip both the loading and authorization behavior of CanCan for this given controller. This is primarily
176 # useful to skip the behavior of a superclass. You can pass :only and :except options to specify which actions
177 # to skip the effects on. It will apply to all actions by default.
178 #
179 # class ProjectsController < SomeOtherController
180 # skip_load_and_authorize_resource :only => :index
181 # end
182 #
183 # You can also pass the resource name as the first argument to skip that resource.
184 def skip_load_and_authorize_resource(*args)
185 skip_load_resource(*args)
186 skip_authorize_resource(*args)
187 end
188
189 # Skip the loading behavior of CanCan. This is useful when using +load_and_authorize_resource+ but you want to
190 # only do authorization on certain actions. You can pass :only and :except options to specify which actions to
191 # skip the effects on. It will apply to all actions by default.
192 #
193 # class ProjectsController < ApplicationController
194 # load_and_authorize_resource
195 # skip_load_resource :only => :index
196 # end
197 #
198 # You can also pass the resource name as the first argument to skip that resource.
199 def skip_load_resource(*args)
200 options = args.extract_options!
201 name = args.first
202 cancan_skipper[:load][name] = options
203 end
204
205 # Skip the authorization behavior of CanCan. This is useful when using +load_and_authorize_resource+ but you want to
206 # only do loading on certain actions. You can pass :only and :except options to specify which actions to
207 # skip the effects on. It will apply to all actions by default.
208 #
209 # class ProjectsController < ApplicationController
210 # load_and_authorize_resource
211 # skip_authorize_resource :only => :index
212 # end
213 #
214 # You can also pass the resource name as the first argument to skip that resource.
215 def skip_authorize_resource(*args)
216 options = args.extract_options!
217 name = args.first
218 cancan_skipper[:authorize][name] = options
219 end
220
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored Sep 3, 2010
221 # Add this to a controller to ensure it performs authorization through an +authorize!+ or +authorize_resource+ call.
222 # If neither of these authorization methods is called, a CanCan::AuthorizationNotPerformed exception will be raised.
223 # This is normally added to the ApplicationController to ensure all controller actions do authorization.
224 #
225 # class ApplicationController < ActionController::Base
226 # check_authorization
227 # end
228 #
787511a @ryanb renaming skip_authorization to skip_authorization_check - closes #169
authored Nov 12, 2010
229 # See skip_authorization_check to bypass this check on specific controller actions.
80f1ab2 @ryanb adding :if and :unless options to check_authorization - closes #284
authored Mar 8, 2011
230 #
231 # Options:
232 # [:+only+]
233 # Only applies to given actions.
234 #
235 # [:+except+]
236 # Does not apply to given actions.
237 #
238 # [:+if+]
239 # Supply the name of a controller method to be called. The authorization check only takes place if this returns true.
240 #
241 # check_authorization :if => :admin_controller?
242 #
243 # [:+unless+]
244 # Supply the name of a controller method to be called. The authorization check only takes place if this returns false.
245 #
246 # check_authorization :unless => :devise_controller?
247 #
248 def check_authorization(options = {})
249 self.after_filter(options.slice(:only, :except)) do |controller|
250 return if controller.instance_variable_defined?(:@_authorized)
251 return if options[:if] && !controller.send(options[:if])
252 return if options[:unless] && controller.send(options[:unless])
253 raise AuthorizationNotPerformed, "This action failed the check_authorization because it does not authorize_resource. Add skip_authorization_check to bypass this check."
1af6c6f @ryanb adding check_authorization and skip_authorization controller class me…
authored Sep 3, 2010
254 end
255 end
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored Sep 3, 2010
256
257 # Call this in the class of a controller to skip the check_authorization behavior on the actions.
258 #
259 # class HomeController < ApplicationController
787511a @ryanb renaming skip_authorization to skip_authorization_check - closes #169
authored Nov 12, 2010
260 # skip_authorization_check :only => :index
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored Sep 3, 2010
261 # end
262 #
263 # Any arguments are passed to the +before_filter+ it triggers.
787511a @ryanb renaming skip_authorization to skip_authorization_check - closes #169
authored Nov 12, 2010
264 def skip_authorization_check(*args)
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored Sep 3, 2010
265 self.before_filter(*args) do |controller|
266 controller.instance_variable_set(:@_authorized, true)
267 end
268 end
4eee637 @ryanb adding support for loading through Inherited Resources - closes #23
authored Sep 9, 2010
269
787511a @ryanb renaming skip_authorization to skip_authorization_check - closes #169
authored Nov 12, 2010
270 def skip_authorization(*args)
271 raise ImplementationRemoved, "The CanCan skip_authorization method has been renamed to skip_authorization_check. Please update your code."
272 end
273
4eee637 @ryanb adding support for loading through Inherited Resources - closes #23
authored Sep 9, 2010
274 def cancan_resource_class
275 if ancestors.map(&:to_s).include? "InheritedResources::Actions"
276 InheritedResource
277 else
278 ControllerResource
279 end
280 end
5732711 @ryanb adding skip load and authorize behavior - closes #164
authored Jan 8, 2011
281
282 def cancan_skipper
283 @_cancan_skipper ||= {:authorize => {}, :load => {}}
284 end
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored Dec 13, 2009
285 end
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
286
44b36ce @ryanb adding controller additions with basic behavior.
authored Nov 17, 2009
287 def self.included(base)
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored Dec 13, 2009
288 base.extend ClassMethods
4e4c5a9 @ryanb adding current_ability to helper methods - closes #361
authored May 17, 2011
289 base.helper_method :can?, :cannot?, :current_ability
44b36ce @ryanb adding controller additions with basic behavior.
authored Nov 17, 2009
290 end
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
291
8903fee @ryanb removing unauthorized! in favor of authorize! and including more info…
authored Apr 16, 2010
292 # Raises a CanCan::AccessDenied exception if the current_ability cannot
293 # perform the given action. This is usually called in a controller action or
294 # before filter to perform the authorization.
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
295 #
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored Nov 18, 2009
296 # def show
297 # @article = Article.find(params[:id])
8903fee @ryanb removing unauthorized! in favor of authorize! and including more info…
authored Apr 16, 2010
298 # authorize! :read, @article
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored Nov 18, 2009
299 # end
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
300 #
8903fee @ryanb removing unauthorized! in favor of authorize! and including more info…
authored Apr 16, 2010
301 # A :message option can be passed to specify a different message.
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
302 #
8903fee @ryanb removing unauthorized! in favor of authorize! and including more info…
authored Apr 16, 2010
303 # authorize! :read, @article, :message => "Not authorized to read #{@article.name}"
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
304 #
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored Sep 3, 2010
305 # You can also use I18n to customize the message. Action aliases defined in Ability work here.
306 #
307 # en:
308 # unauthorized:
309 # manage:
6c3e87e @ryanb updating readme and documentation
authored Oct 5, 2010
310 # all: "Not authorized to %{action} %{subject}."
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored Sep 3, 2010
311 # user: "Not allowed to manage other user accounts."
312 # update:
313 # project: "Not allowed to update this project."
314 #
8903fee @ryanb removing unauthorized! in favor of authorize! and including more info…
authored Apr 16, 2010
315 # You can rescue from the exception in the controller to customize how unauthorized
316 # access is displayed to the user.
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
317 #
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored Nov 18, 2009
318 # class ApplicationController < ActionController::Base
ef22de6 @ryanb adding custom message argument to unauthorized! method - closes #18
authored Dec 15, 2009
319 # rescue_from CanCan::AccessDenied do |exception|
b2028c8 @ryanb moving :alert into redirect_to call in documentation
authored Jan 28, 2011
320 # redirect_to root_url, :alert => exception.message
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored Nov 18, 2009
321 # end
322 # end
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
323 #
8903fee @ryanb removing unauthorized! in favor of authorize! and including more info…
authored Apr 16, 2010
324 # See the CanCan::AccessDenied exception for more details on working with the exception.
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
325 #
8903fee @ryanb removing unauthorized! in favor of authorize! and including more info…
authored Apr 16, 2010
326 # See the load_and_authorize_resource method to automatically add the authorize! behavior
327 # to the default RESTful actions.
a5f838a @ryanb use I18n for unauthorization messages - closes #103
authored Sep 2, 2010
328 def authorize!(*args)
1af6c6f @ryanb adding check_authorization and skip_authorization controller class me…
authored Sep 3, 2010
329 @_authorized = true
a5f838a @ryanb use I18n for unauthorization messages - closes #103
authored Sep 3, 2010
330 current_ability.authorize!(*args)
8903fee @ryanb removing unauthorized! in favor of authorize! and including more info…
authored Apr 16, 2010
331 end
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
332
8903fee @ryanb removing unauthorized! in favor of authorize! and including more info…
authored Apr 16, 2010
333 def unauthorized!(message = nil)
334 raise ImplementationRemoved, "The unauthorized! method has been removed from CanCan, use authorize! instead."
44b36ce @ryanb adding controller additions with basic behavior.
authored Nov 17, 2009
335 end
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
336
ef5900c @ryanb adding caching to current_ability class method, if you're overriding …
authored Apr 15, 2010
337 # Creates and returns the current user's ability and caches it. If you
338 # want to override how the Ability is defined then this is the place.
339 # Just define the method in the controller to change behavior.
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
340 #
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored Nov 18, 2009
341 # def current_ability
ef5900c @ryanb adding caching to current_ability class method, if you're overriding …
authored Apr 16, 2010
342 # # instead of Ability.new(current_user)
343 # @current_ability ||= UserAbility.new(current_account)
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored Nov 18, 2009
344 # end
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
345 #
ef5900c @ryanb adding caching to current_ability class method, if you're overriding …
authored Apr 16, 2010
346 # Notice it is important to cache the ability object so it is not
347 # recreated every time.
44b36ce @ryanb adding controller additions with basic behavior.
authored Nov 17, 2009
348 def current_ability
ef5900c @ryanb adding caching to current_ability class method, if you're overriding …
authored Apr 16, 2010
349 @current_ability ||= ::Ability.new(current_user)
baeef0b @ryanb adding conditions behavior to Ability#can and fetch with Ability#cond…
authored Apr 15, 2010
350 end
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
351
5bd1a85 @ryanb little fixes to inline documentation (rdocs)
authored Nov 19, 2009
352 # Use in the controller or view to check the user's permission for a given action
353 # and object.
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
354 #
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored Nov 18, 2009
355 # can? :destroy, @project
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
356 #
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored Nov 18, 2009
357 # You can also pass the class instead of an instance (if you don't have one handy).
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
358 #
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored Nov 18, 2009
359 # <% if can? :create, Project %>
360 # <%= link_to "New Project", new_project_path %>
361 # <% end %>
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
362 #
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored Sep 3, 2010
363 # If it's a nested resource, you can pass the parent instance in a hash. This way it will
364 # check conditions which reach through that association.
365 #
366 # <% if can? :create, @category => Project %>
367 # <%= link_to "New Project", new_project_path %>
368 # <% end %>
369 #
5bd1a85 @ryanb little fixes to inline documentation (rdocs)
authored Nov 19, 2009
370 # This simply calls "can?" on the current_ability. See Ability#can?.
44b36ce @ryanb adding controller additions with basic behavior.
authored Nov 17, 2009
371 def can?(*args)
ef5900c @ryanb adding caching to current_ability class method, if you're overriding …
authored Apr 16, 2010
372 current_ability.can?(*args)
44b36ce @ryanb adding controller additions with basic behavior.
authored Nov 17, 2009
373 end
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
374
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored Nov 18, 2009
375 # Convenience method which works the same as "can?" but returns the opposite value.
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
376 #
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored Nov 18, 2009
377 # cannot? :destroy, @project
dfd84a1 @ryanb improving inline documentation
authored May 21, 2010
378 #
0f49b54 @ryanb adding 'cannot?' method which performs opposite check of 'can?' - clo…
authored Nov 17, 2009
379 def cannot?(*args)
ef5900c @ryanb adding caching to current_ability class method, if you're overriding …
authored Apr 16, 2010
380 current_ability.cannot?(*args)
0f49b54 @ryanb adding 'cannot?' method which performs opposite check of 'can?' - clo…
authored Nov 17, 2009
381 end
44b36ce @ryanb adding controller additions with basic behavior.
authored Nov 17, 2009
382 end
383 end
384
aaed265 @ryanb turning into a functioning Rails plugin
authored Nov 16, 2009
385 if defined? ActionController
386 ActionController::Base.class_eval do
387 include CanCan::ControllerAdditions
388 end
1edf583 @ryanb BACKWARDS INCOMPATIBLE: use Ability#initialize instead of 'prepare' t…
authored Nov 17, 2009
389 end
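Added example (not part of CanCan's source): a stand-alone Ruby model of the check_authorization / skip_authorization_check / authorize! flag logic in the listing above. It shows that the check runs as an after filter, so an action that forgets authorize! has already executed when AuthorizationNotPerformed is raised. MiniController, ArticlesController, the user hashes and the outcome helper are hypothetical stand-ins for the Rails filter chain and the Ability class.

```ruby
# Hypothetical stand-in for the Rails filter chain; not CanCan's implementation.
class AuthorizationNotPerformed < StandardError; end
class AccessDenied < StandardError; end

class MiniController
  class << self
    def before_filters; @before_filters ||= []; end
    def after_filters;  @after_filters  ||= []; end

    # Same decision logic as the listing: raise after the action unless
    # the @_authorized flag was set somewhere during the request.
    def check_authorization(options = {})
      after_filters << [options, lambda do |controller|
        next if controller.instance_variable_defined?(:@_authorized)
        next if options[:if] && !controller.send(options[:if])
        next if options[:unless] && controller.send(options[:unless])
        raise AuthorizationNotPerformed, "action did not authorize"
      end]
    end

    # Same as the listing: sets the flag up front, no ability is consulted.
    def skip_authorization_check(options = {})
      before_filters << [options, lambda do |controller|
        controller.instance_variable_set(:@_authorized, true)
      end]
    end
  end

  attr_reader :effects

  def initialize(user)
    @user = user
    @effects = [] # records what the action body actually did
  end

  def process(action)
    run(self.class.before_filters, action)
    send(action)
    run(self.class.after_filters, action) # the check happens only here
    :ok
  end

  # As in the listing, the flag is set before the ability is consulted.
  def authorize!(action, subject)
    @_authorized = true
    raise AccessDenied, "#{action} #{subject}" unless @user[:can].include?(action)
  end

  private

  def run(filters, action)
    filters.each { |options, body| body.call(self) if applies?(options, action) }
  end

  def applies?(options, action)
    return Array(options[:only]).include?(action) if options[:only]
    !Array(options[:except]).include?(action)
  end
end

class ArticlesController < MiniController
  check_authorization
  skip_authorization_check :only => :index

  def index;   effects << :listed; end   # public page, check skipped
  def show;    authorize!(:read, :article); effects << :shown; end
  def destroy; effects << :deleted; end  # deliberately missing authorize!
end

# Constructed sample users.
GUEST  = { :can => [] }
READER = { :can => [:read] }

# Returns [status, side effects performed by the action body].
def outcome(action, user)
  controller = ArticlesController.new(user)
  status = begin
    controller.process(action)
  rescue AuthorizationNotPerformed
    :not_performed
  rescue AccessDenied
    :denied
  end
  [status, controller.effects]
end

p outcome(:show, GUEST)     # denied before the action body runs
p outcome(:destroy, GUEST)  # flagged, but only after the body ran
```

The destroy case is the one to note: the missing authorize! is reported, yet the action's side effect has already happened, which is why check_authorization works as a safety net for catching unprotected actions during testing rather than as the access control itself.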