100644 390 lines (371 sloc) 15.84 kB
44b36ce @ryanb adding controller additions with basic behavior.
authored
1 module CanCan
dfd84a1 @ryanb improving inline documentation
authored
2
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
3 # This module is automatically included into all controllers.
4 # It also makes the "can?" and "cannot?" methods available to all views.
44b36ce @ryanb adding controller additions with basic behavior.
authored
5 module ControllerAdditions
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored
6 module ClassMethods
ffa677b @ryanb Don't set resource instance variable if it has been set already - clo…
authored
7 # Sets up a before filter which loads and authorizes the current resource. This performs both
8 # load_resource and authorize_resource and accepts the same arguments. See those methods for details.
dfd84a1 @ryanb improving inline documentation
authored
9 #
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored
10 # class BooksController < ApplicationController
11 # load_and_authorize_resource
12 # end
dfd84a1 @ryanb improving inline documentation
authored
13 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored
14 def load_and_authorize_resource(*args)
4eee637 @ryanb adding support for loading through Inherited Resources - closes #23
authored
15 cancan_resource_class.add_before_filter(self, :load_and_authorize_resource, *args)
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored
16 end
dfd84a1 @ryanb improving inline documentation
authored
17
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored
18 # Sets up a before filter which loads the model resource into an instance variable.
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored
19 # For example, given an ArticlesController it will load the current article into the @article
20 # instance variable. It does this by either calling Article.find(params[:id]) or
6c3e87e @ryanb updating readme and documentation
authored
21 # Article.new(params[:article]) depending upon the action. The index action will
22 # automatically set @articles to Article.accessible_by(current_ability).
dfd84a1 @ryanb improving inline documentation
authored
23 #
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored
24 # If a conditions hash is used in the Ability, the +new+ and +create+ actions will set
25 # the initial attributes based on these conditions. This way these actions will satisfy
26 # the ability restrictions.
27 #
ffa677b @ryanb Don't set resource instance variable if it has been set already - clo…
authored
28 # Call this method directly on the controller class.
dfd84a1 @ryanb improving inline documentation
authored
29 #
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored
30 # class BooksController < ApplicationController
31 # load_resource
32 # end
dfd84a1 @ryanb improving inline documentation
authored
33 #
ffa677b @ryanb Don't set resource instance variable if it has been set already - clo…
authored
34 # A resource is not loaded if the instance variable is already set. This makes it easy to override
35 # the behavior through a before_filter on certain actions.
dfd84a1 @ryanb improving inline documentation
authored
36 #
ffa677b @ryanb Don't set resource instance variable if it has been set already - clo…
authored
37 # class BooksController < ApplicationController
38 # before_filter :find_book_by_permalink, :only => :show
39 # load_resource
40 #
41 # private
42 #
43 # def find_book_by_permalink
44 # @book = Book.find_by_permalink!(params[:id])
45 # end
46 # end
dfd84a1 @ryanb improving inline documentation
authored
47 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored
48 # If a name is provided which does not match the controller it assumes it is a parent resource. Child
49 # resources can then be loaded through it.
50 #
51 # class BooksController < ApplicationController
52 # load_resource :author
53 # load_resource :book, :through => :author
54 # end
55 #
56 # Here the author resource will be loaded before each action using params[:author_id]. The book resource
57 # will then be loaded through the @author instance variable.
58 #
59 # That first argument is optional and will default to the singular name of the controller.
60 # A hash of options (see below) can also be passed to this method to further customize it.
61 #
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored
62 # See load_and_authorize_resource to automatically authorize the resource too.
dfd84a1 @ryanb improving inline documentation
authored
63 #
63634b4 @ryanb Adding :collection and :new options to load_resource method so we can…
authored
64 # Options:
94e031b @ryanb Pass :only and :except options to before filters for load/authorize r…
authored
65 # [:+only+]
66 # Only applies before filter to given actions.
dfd84a1 @ryanb improving inline documentation
authored
67 #
94e031b @ryanb Pass :only and :except options to before filters for load/authorize r…
authored
68 # [:+except+]
69 # Does not apply before filter to given actions.
dfd84a1 @ryanb improving inline documentation
authored
70 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored
71 # [:+through+]
c11ffb6 @ryanb support loading resource :through method along with instance variable…
authored
72 # Load this resource through another one. This should match the name of the parent instance variable or method.
2a3dd85 @ryanb adding :name option to load_and_authorize_resource if it does not mat…
authored
73 #
92995d7 @ryanb adding :through_association option to load_resource (thanks hunterae)…
authored
74 # [:+through_association+]
75 # The name of the association to fetch the child records through the parent resource. This is normally not needed
76 # because it defaults to the pluralized resource name.
77 #
264e2d2 @ryanb raise AccessDenied error when loading child while parent is nil, pass…
authored
78 # [:+shallow+]
79 # Pass +true+ to allow this resource to be loaded directly when parent is +nil+. Defaults to +false+.
80 #
c9e0f4e @ryanb renaming :singular resource option to :singleton
authored
81 # [:+singleton+]
82 # Pass +true+ if this is a singleton resource through a +has_one+ association.
84f4c90 @ryanb adding :singular option to support has_one associations in load/autho…
authored
83 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored
84 # [:+parent+]
85 # True or false depending on if the resource is considered a parent resource. This defaults to +true+ if a resource
86 # name is given which does not match the controller.
2a3dd85 @ryanb adding :name option to load_and_authorize_resource if it does not mat…
authored
87 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored
88 # [:+class+]
23a5888 @ryanb renaming :class option to :resource for load_and_authorize_resource w…
authored
89 # The class to use for the model (string or constant).
dfd84a1 @ryanb improving inline documentation
authored
90 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored
91 # [:+instance_name+]
92 # The name of the instance variable to load the resource into.
93 #
236cece @ryanb adding :find_by option to load_resource - closes #19
authored
94 # [:+find_by+]
95 # Find using a different attribute other than id. For example.
96 #
97 # load_resource :find_by => :permalink # will use find_by_permalink!(params[:id])
98 #
63634b4 @ryanb Adding :collection and :new options to load_resource method so we can…
authored
99 # [:+collection+]
100 # Specify which actions are resource collection actions in addition to :+index+. This
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored
101 # is usually not necessary because it will try to guess depending on if the id param is present.
dfd84a1 @ryanb improving inline documentation
authored
102 #
63634b4 @ryanb Adding :collection and :new options to load_resource method so we can…
authored
103 # load_resource :collection => [:sort, :list]
dfd84a1 @ryanb improving inline documentation
authored
104 #
63634b4 @ryanb Adding :collection and :new options to load_resource method so we can…
authored
105 # [:+new+]
106 # Specify which actions are new resource actions in addition to :+new+ and :+create+.
107 # Pass an action name into here if you would like to build a new resource instead of
108 # fetch one.
dfd84a1 @ryanb improving inline documentation
authored
109 #
63634b4 @ryanb Adding :collection and :new options to load_resource method so we can…
authored
110 # load_resource :new => :build
dfd84a1 @ryanb improving inline documentation
authored
111 #
951d70e @ryanb adding :prepend option to load_and_authorize_resource - closes #290
authored
112 # [:+prepend+]
113 # Passing +true+ will use prepend_before_filter instead of a normal before_filter.
114 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored
115 def load_resource(*args)
4eee637 @ryanb adding support for loading through Inherited Resources - closes #23
authored
116 cancan_resource_class.add_before_filter(self, :load_resource, *args)
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored
117 end
dfd84a1 @ryanb improving inline documentation
authored
118
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored
119 # Sets up a before filter which authorizes the resource using the instance variable.
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored
120 # For example, if you have an ArticlesController it will check the @article instance variable
121 # and ensure the user can perform the current action on it. Under the hood it is doing
122 # something like the following.
dfd84a1 @ryanb improving inline documentation
authored
123 #
8903fee @ryanb removing unauthorized! in favor of authorize! and including more info…
authored
124 # authorize!(params[:action].to_sym, @article || Article)
dfd84a1 @ryanb improving inline documentation
authored
125 #
ffa677b @ryanb Don't set resource instance variable if it has been set already - clo…
authored
126 # Call this method directly on the controller class.
dfd84a1 @ryanb improving inline documentation
authored
127 #
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored
128 # class BooksController < ApplicationController
129 # authorize_resource
130 # end
dfd84a1 @ryanb improving inline documentation
authored
131 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored
132 # If you pass in the name of a resource which does not match the controller it will assume
133 # it is a parent resource.
134 #
135 # class BooksController < ApplicationController
136 # authorize_resource :author
137 # authorize_resource :book
138 # end
139 #
140 # Here it will authorize :+show+, @+author+ on every action before authorizing the book.
141 #
142 # That first argument is optional and will default to the singular name of the controller.
143 # A hash of options (see below) can also be passed to this method to further customize it.
144 #
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored
145 # See load_and_authorize_resource to automatically load the resource too.
dfd84a1 @ryanb improving inline documentation
authored
146 #
94e031b @ryanb Pass :only and :except options to before filters for load/authorize r…
authored
147 # Options:
148 # [:+only+]
149 # Only applies before filter to given actions.
dfd84a1 @ryanb improving inline documentation
authored
150 #
94e031b @ryanb Pass :only and :except options to before filters for load/authorize r…
authored
151 # [:+except+]
152 # Does not apply before filter to given actions.
dfd84a1 @ryanb improving inline documentation
authored
153 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored
154 # [:+parent+]
155 # True or false depending on if the resource is considered a parent resource. This defaults to +true+ if a resource
156 # name is given which does not match the controller.
157 #
158 # [:+class+]
159 # The class to use for the model (string or constant). This is passed in when the instance variable is not set.
160 # Pass +false+ if there is no associated class for this resource and it will use a symbol of the resource name.
2a3dd85 @ryanb adding :name option to load_and_authorize_resource if it does not mat…
authored
161 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored
162 # [:+instance_name+]
163 # The name of the instance variable for this resource.
2a3dd85 @ryanb adding :name option to load_and_authorize_resource if it does not mat…
authored
164 #
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored
165 # [:+through+]
166 # Authorize conditions on this parent resource when instance isn't available.
167 #
951d70e @ryanb adding :prepend option to load_and_authorize_resource - closes #290
authored
168 # [:+prepend+]
169 # Passing +true+ will use prepend_before_filter instead of a normal before_filter.
170 #
25a1c55 @ryanb adding :through option to replace :nesting option and moving Resource…
authored
171 def authorize_resource(*args)
4eee637 @ryanb adding support for loading through Inherited Resources - closes #23
authored
172 cancan_resource_class.add_before_filter(self, :authorize_resource, *args)
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored
173 end
1af6c6f @ryanb adding check_authorization and skip_authorization controller class me…
authored
174
5732711 @ryanb adding skip load and authorize behavior - closes #164
authored
175 # Skip both the loading and authorization behavior of CanCan for this given controller. This is primarily
176 # useful to skip the behavior of a superclass. You can pass :only and :except options to specify which actions
177 # to skip the effects on. It will apply to all actions by default.
178 #
179 # class ProjectsController < SomeOtherController
180 # skip_load_and_authorize_resource :only => :index
181 # end
182 #
183 # You can also pass the resource name as the first argument to skip that resource.
184 def skip_load_and_authorize_resource(*args)
185 skip_load_resource(*args)
186 skip_authorize_resource(*args)
187 end
188
e561532 @manuelmeurer Fixed typos.
manuelmeurer authored
189 # Skip the loading behavior of CanCan. This is useful when using +load_and_authorize_resource+ but you want to
5732711 @ryanb adding skip load and authorize behavior - closes #164
authored
190 # only do authorization on certain actions. You can pass :only and :except options to specify which actions to
191 # skip the effects on. It will apply to all actions by default.
192 #
193 # class ProjectsController < ApplicationController
194 # load_and_authorize_resource
195 # skip_load_resource :only => :index
196 # end
197 #
198 # You can also pass the resource name as the first argument to skip that resource.
199 def skip_load_resource(*args)
200 options = args.extract_options!
201 name = args.first
202 cancan_skipper[:load][name] = options
203 end
204
e561532 @manuelmeurer Fixed typos.
manuelmeurer authored
205 # Skip the authorization behavior of CanCan. This is useful when using +load_and_authorize_resource+ but you want to
5732711 @ryanb adding skip load and authorize behavior - closes #164
authored
206 # only do loading on certain actions. You can pass :only and :except options to specify which actions to
207 # skip the effects on. It will apply to all actions by default.
208 #
209 # class ProjectsController < ApplicationController
210 # load_and_authorize_resource
211 # skip_authorize_resource :only => :index
212 # end
213 #
214 # You can also pass the resource name as the first argument to skip that resource.
215 def skip_authorize_resource(*args)
216 options = args.extract_options!
217 name = args.first
218 cancan_skipper[:authorize][name] = options
219 end
220
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored
221 # Add this to a controller to ensure it performs authorization through an +authorize!+ or +authorize_resource+ call.
222 # If neither of these authorization methods is called, a CanCan::AuthorizationNotPerformed exception will be raised.
223 # This is normally added to the ApplicationController to ensure all controller actions do authorization.
224 #
225 # class ApplicationController < ActionController::Base
226 # check_authorization
227 # end
228 #
787511a @ryanb renaming skip_authorization to skip_authorization_check - closes #169
authored
229 # See skip_authorization_check to bypass this check on specific controller actions.
80f1ab2 @ryanb adding :if and :unless options to check_authorization - closes #284
authored
230 #
231 # Options:
232 # [:+only+]
233 # Only applies to given actions.
234 #
235 # [:+except+]
236 # Does not apply to given actions.
237 #
238 # [:+if+]
239 # Supply the name of a controller method to be called. The authorization check only takes place if this returns true.
240 #
241 # check_authorization :if => :admin_controller?
242 #
243 # [:+unless+]
244 # Supply the name of a controller method to be called. The authorization check only takes place if this returns false.
245 #
246 # check_authorization :unless => :devise_controller?
247 #
248 def check_authorization(options = {})
249 self.after_filter(options.slice(:only, :except)) do |controller|
b3fc5ad @codeprimate Correct "return cant jump across threads" error when using check_auth…
codeprimate authored
250 next if controller.instance_variable_defined?(:@_authorized)
251 next if options[:if] && !controller.send(options[:if])
252 next if options[:unless] && controller.send(options[:unless])
80f1ab2 @ryanb adding :if and :unless options to check_authorization - closes #284
authored
253 raise AuthorizationNotPerformed, "This action failed the check_authorization because it does not authorize_resource. Add skip_authorization_check to bypass this check."
1af6c6f @ryanb adding check_authorization and skip_authorization controller class me…
authored
254 end
255 end
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored
256
257 # Call this in the class of a controller to skip the check_authorization behavior on the actions.
258 #
259 # class HomeController < ApplicationController
787511a @ryanb renaming skip_authorization to skip_authorization_check - closes #169
authored
260 # skip_authorization_check :only => :index
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored
261 # end
262 #
263 # Any arguments are passed to the +before_filter+ it triggers.
787511a @ryanb renaming skip_authorization to skip_authorization_check - closes #169
authored
264 def skip_authorization_check(*args)
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored
265 self.before_filter(*args) do |controller|
266 controller.instance_variable_set(:@_authorized, true)
267 end
268 end
4eee637 @ryanb adding support for loading through Inherited Resources - closes #23
authored
269
787511a @ryanb renaming skip_authorization to skip_authorization_check - closes #169
authored
270 def skip_authorization(*args)
271 raise ImplementationRemoved, "The CanCan skip_authorization method has been renamed to skip_authorization_check. Please update your code."
272 end
273
4eee637 @ryanb adding support for loading through Inherited Resources - closes #23
authored
274 def cancan_resource_class
275 if ancestors.map(&:to_s).include? "InheritedResources::Actions"
276 InheritedResource
277 else
278 ControllerResource
279 end
280 end
5732711 @ryanb adding skip load and authorize behavior - closes #164
authored
281
282 def cancan_skipper
283 @_cancan_skipper ||= {:authorize => {}, :load => {}}
284 end
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored
285 end
dfd84a1 @ryanb improving inline documentation
authored
286
44b36ce @ryanb adding controller additions with basic behavior.
authored
287 def self.included(base)
a5f9882 @ryanb turning load and authorize resource methods into class methods which …
authored
288 base.extend ClassMethods
4e4c5a9 @ryanb adding current_ability to helper methods - closes #361
authored
289 base.helper_method :can?, :cannot?, :current_ability
44b36ce @ryanb adding controller additions with basic behavior.
authored
290 end
dfd84a1 @ryanb improving inline documentation
authored
291
8903fee @ryanb removing unauthorized! in favor of authorize! and including more info…
authored
292 # Raises a CanCan::AccessDenied exception if the current_ability cannot
293 # perform the given action. This is usually called in a controller action or
294 # before filter to perform the authorization.
dfd84a1 @ryanb improving inline documentation
authored
295 #
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
296 # def show
297 # @article = Article.find(params[:id])
8903fee @ryanb removing unauthorized! in favor of authorize! and including more info…
authored
298 # authorize! :read, @article
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
299 # end
dfd84a1 @ryanb improving inline documentation
authored
300 #
8903fee @ryanb removing unauthorized! in favor of authorize! and including more info…
authored
301 # A :message option can be passed to specify a different message.
dfd84a1 @ryanb improving inline documentation
authored
302 #
8903fee @ryanb removing unauthorized! in favor of authorize! and including more info…
authored
303 # authorize! :read, @article, :message => "Not authorized to read #{@article.name}"
dfd84a1 @ryanb improving inline documentation
authored
304 #
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored
305 # You can also use I18n to customize the message. Action aliases defined in Ability work here.
306 #
307 # en:
308 # unauthorized:
309 # manage:
6c3e87e @ryanb updating readme and documentation
authored
310 # all: "Not authorized to %{action} %{subject}."
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored
311 # user: "Not allowed to manage other user accounts."
312 # update:
313 # project: "Not allowed to update this project."
314 #
8903fee @ryanb removing unauthorized! in favor of authorize! and including more info…
authored
315 # You can rescue from the exception in the controller to customize how unauthorized
316 # access is displayed to the user.
dfd84a1 @ryanb improving inline documentation
authored
317 #
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
318 # class ApplicationController < ActionController::Base
ef22de6 @ryanb adding custom message argument to unauthorized! method - closes #18
authored
319 # rescue_from CanCan::AccessDenied do |exception|
b2028c8 @ryanb moving :alert into redirect_to call in documentation
authored
320 # redirect_to root_url, :alert => exception.message
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
321 # end
322 # end
dfd84a1 @ryanb improving inline documentation
authored
323 #
8903fee @ryanb removing unauthorized! in favor of authorize! and including more info…
authored
324 # See the CanCan::AccessDenied exception for more details on working with the exception.
dfd84a1 @ryanb improving inline documentation
authored
325 #
8903fee @ryanb removing unauthorized! in favor of authorize! and including more info…
authored
326 # See the load_and_authorize_resource method to automatically add the authorize! behavior
327 # to the default RESTful actions.
a5f838a @ryanb use I18n for unauthorization messages - closes #103
authored
328 def authorize!(*args)
1af6c6f @ryanb adding check_authorization and skip_authorization controller class me…
authored
329 @_authorized = true
a5f838a @ryanb use I18n for unauthorization messages - closes #103
authored
330 current_ability.authorize!(*args)
8903fee @ryanb removing unauthorized! in favor of authorize! and including more info…
authored
331 end
dfd84a1 @ryanb improving inline documentation
authored
332
8903fee @ryanb removing unauthorized! in favor of authorize! and including more info…
authored
333 def unauthorized!(message = nil)
334 raise ImplementationRemoved, "The unauthorized! method has been removed from CanCan, use authorize! instead."
44b36ce @ryanb adding controller additions with basic behavior.
authored
335 end
dfd84a1 @ryanb improving inline documentation
authored
336
ef5900c @ryanb adding caching to current_ability class method, if you're overriding …
authored
337 # Creates and returns the current user's ability and caches it. If you
338 # want to override how the Ability is defined then this is the place.
339 # Just define the method in the controller to change behavior.
dfd84a1 @ryanb improving inline documentation
authored
340 #
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
341 # def current_ability
ef5900c @ryanb adding caching to current_ability class method, if you're overriding …
authored
342 # # instead of Ability.new(current_user)
343 # @current_ability ||= UserAbility.new(current_account)
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
344 # end
dfd84a1 @ryanb improving inline documentation
authored
345 #
ef5900c @ryanb adding caching to current_ability class method, if you're overriding …
authored
346 # Notice it is important to cache the ability object so it is not
347 # recreated every time.
44b36ce @ryanb adding controller additions with basic behavior.
authored
348 def current_ability
ef5900c @ryanb adding caching to current_ability class method, if you're overriding …
authored
349 @current_ability ||= ::Ability.new(current_user)
baeef0b @ryanb adding conditions behavior to Ability#can and fetch with Ability#cond…
authored
350 end
dfd84a1 @ryanb improving inline documentation
authored
351
5bd1a85 @ryanb little fixes to inline documentation (rdocs)
authored
352 # Use in the controller or view to check the user's permission for a given action
353 # and object.
dfd84a1 @ryanb improving inline documentation
authored
354 #
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
355 # can? :destroy, @project
dfd84a1 @ryanb improving inline documentation
authored
356 #
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
357 # You can also pass the class instead of an instance (if you don't have one handy).
dfd84a1 @ryanb improving inline documentation
authored
358 #
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
359 # <% if can? :create, Project %>
360 # <%= link_to "New Project", new_project_path %>
361 # <% end %>
dfd84a1 @ryanb improving inline documentation
authored
362 #
bf9b8ad @ryanb filling in some inline documentation for 1.4
authored
363 # If it's a nested resource, you can pass the parent instance in a hash. This way it will
364 # check conditions which reach through that association.
365 #
366 # <% if can? :create, @category => Project %>
367 # <%= link_to "New Project", new_project_path %>
368 # <% end %>
369 #
5bd1a85 @ryanb little fixes to inline documentation (rdocs)
authored
370 # This simply calls "can?" on the current_ability. See Ability#can?.
44b36ce @ryanb adding controller additions with basic behavior.
authored
371 def can?(*args)
ef5900c @ryanb adding caching to current_ability class method, if you're overriding …
authored
372 current_ability.can?(*args)
44b36ce @ryanb adding controller additions with basic behavior.
authored
373 end
dfd84a1 @ryanb improving inline documentation
authored
374
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
375 # Convenience method which works the same as "can?" but returns the opposite value.
dfd84a1 @ryanb improving inline documentation
authored
376 #
b9227eb @ryanb adding a lot of inline documentation to code for rdocs
authored
377 # cannot? :destroy, @project
dfd84a1 @ryanb improving inline documentation
authored
378 #
0f49b54 @ryanb adding 'cannot?' method which performs opposite check of 'can?' - clo…
authored
379 def cannot?(*args)
ef5900c @ryanb adding caching to current_ability class method, if you're overriding …
authored
380 current_ability.cannot?(*args)
0f49b54 @ryanb adding 'cannot?' method which performs opposite check of 'can?' - clo…
authored
381 end
44b36ce @ryanb adding controller additions with basic behavior.
authored
382 end
383 end
384
51702e0 @spatil checked for ActionController::Base instead of just ActionController
spatil authored
385 if defined? ActionController::Base
aaed265 @ryanb turning into a functioning Rails plugin
authored
386 ActionController::Base.class_eval do
387 include CanCan::ControllerAdditions
388 end
1edf583 @ryanb BACKWARDS INCOMPATIBLE: use Ability#initialize instead of 'prepare' t…
authored
389 end
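
Added example (not CanCan's own code): a Rails-free model of how `check_authorization`, `skip_authorization_check` and `authorize!` interact in the listing above. `MiniController`, `run_action`, `ReportsController` and `outcome` are hypothetical stand-ins. It shows that the check is an after filter, so an action that never calls `authorize!` has already run by the time `AuthorizationNotPerformed` is raised.

```ruby
# Hypothetical stand-ins for the CanCan exception classes.
class AuthorizationNotPerformed < StandardError; end
class AccessDenied < StandardError; end

# Minimal controller base that mimics before/after filters (assumption: no Rails).
class MiniController
  class << self
    def before_filters; @before_filters ||= []; end
    def after_filters;  @after_filters  ||= []; end

    # Collect filters declared on this class and its ancestors, parents first.
    def all_filters(kind)
      inherited = superclass.respond_to?(:all_filters) ? superclass.all_filters(kind) : []
      inherited + send(kind)
    end

    # Same logic as the listing: registered as an *after* filter.
    def check_authorization(options = {})
      after_filters << lambda { |controller, _action|
        next if controller.instance_variable_defined?(:@_authorized)
        next if options[:if] && !controller.send(options[:if])
        next if options[:unless] && controller.send(options[:unless])
        raise AuthorizationNotPerformed, "action did not authorize"
      }
    end

    # Same logic as the listing: a before filter that sets the flag.
    def skip_authorization_check(only: nil)
      before_filters << lambda { |controller, action|
        next if only && !Array(only).include?(action)
        controller.instance_variable_set(:@_authorized, true)
      }
    end
  end

  attr_reader :log

  # allowed: list of [action, subject] pairs, standing in for current_ability.
  def initialize(allowed)
    @allowed = allowed
    @log = []
  end

  # As in the listing, the flag is set before the ability is consulted.
  def authorize!(action, subject)
    @_authorized = true
    raise AccessDenied, "not allowed to #{action} #{subject}" unless @allowed.include?([action, subject])
  end

  def run_action(name)
    self.class.all_filters(:before_filters).each { |f| f.call(self, name) }
    send(name)
    self.class.all_filters(:after_filters).each { |f| f.call(self, name) }
    :ok
  end
end

class ApplicationController < MiniController
  check_authorization
end

class ReportsController < ApplicationController
  skip_authorization_check only: :index

  def index;   log << "listed";  end                              # check skipped
  def show;    authorize!(:read, :report); log << "shown"; end    # authorized
  def destroy; log << "deleted"; end                              # authorize! forgotten
end

# Runs one action and returns [result, side effects that happened].
def outcome(action, allowed = [[:read, :report]])
  controller = ReportsController.new(allowed)
  result = begin
    controller.run_action(action)
  rescue AuthorizationNotPerformed, AccessDenied => e
    e.class.name.to_sym
  end
  [result, controller.log]
end
```

The `destroy` case returns the error together with a non-empty log: the after filter reports the missing `authorize!` call but does not undo the action, so it serves as a coverage check during development and testing rather than as the access control itself.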