100644 390 lines (371 sloc) 15.84 kb
44b36ce Ryan Bates adding controller additions with basic behavior.
authored
1 module CanCan
dfd84a1 Ryan Bates improving inline documentation
authored
2
b9227eb Ryan Bates adding a lot of inline documentation to code for rdocs
authored
3 # This module is automatically included into all controllers.
4 # It also makes the "can?" and "cannot?" methods available to all views.
44b36ce Ryan Bates adding controller additions with basic behavior.
authored
5 module ControllerAdditions
a5f9882 Ryan Bates turning load and authorize resource methods into class methods which set...
authored
6 module ClassMethods
ffa677b Ryan Bates Don't set resource instance variable if it has been set already - closes...
authored
7 # Sets up a before filter which loads and authorizes the current resource. This performs both
8 # load_resource and authorize_resource and accepts the same arguments. See those methods for details.
dfd84a1 Ryan Bates improving inline documentation
authored
9 #
a5f9882 Ryan Bates turning load and authorize resource methods into class methods which set...
authored
10 # class BooksController < ApplicationController
11 # load_and_authorize_resource
12 # end
dfd84a1 Ryan Bates improving inline documentation
authored
13 #
25a1c55 Ryan Bates adding :through option to replace :nesting option and moving ResourceAut...
authored
14 def load_and_authorize_resource(*args)
4eee637 Ryan Bates adding support for loading through Inherited Resources - closes #23
authored
15 cancan_resource_class.add_before_filter(self, :load_and_authorize_resource, *args)
a5f9882 Ryan Bates turning load and authorize resource methods into class methods which set...
authored
16 end
dfd84a1 Ryan Bates improving inline documentation
authored
17
25a1c55 Ryan Bates adding :through option to replace :nesting option and moving ResourceAut...
authored
18 # Sets up a before filter which loads the model resource into an instance variable.
a5f9882 Ryan Bates turning load and authorize resource methods into class methods which set...
authored
19 # For example, given an ArticlesController it will load the current article into the @article
20 # instance variable. It does this by either calling Article.find(params[:id]) or
6c3e87e Ryan Bates updating readme and documentation
authored
21 # Article.new(params[:article]) depending upon the action. The index action will
22 # automatically set @articles to Article.accessible_by(current_ability).
dfd84a1 Ryan Bates improving inline documentation
authored
23 #
bf9b8ad Ryan Bates filling in some inline documentation for 1.4
authored
24 # If a conditions hash is used in the Ability, the +new+ and +create+ actions will set
25 # the initial attributes based on these conditions. This way these actions will satisfy
26 # the ability restrictions.
27 #
ffa677b Ryan Bates Don't set resource instance variable if it has been set already - closes...
authored
28 # Call this method directly on the controller class.
dfd84a1 Ryan Bates improving inline documentation
authored
29 #
a5f9882 Ryan Bates turning load and authorize resource methods into class methods which set...
authored
30 # class BooksController < ApplicationController
31 # load_resource
32 # end
dfd84a1 Ryan Bates improving inline documentation
authored
33 #
ffa677b Ryan Bates Don't set resource instance variable if it has been set already - closes...
authored
34 # A resource is not loaded if the instance variable is already set. This makes it easy to override
35 # the behavior through a before_filter on certain actions.
dfd84a1 Ryan Bates improving inline documentation
authored
36 #
ffa677b Ryan Bates Don't set resource instance variable if it has been set already - closes...
authored
37 # class BooksController < ApplicationController
38 # before_filter :find_book_by_permalink, :only => :show
39 # load_resource
40 #
41 # private
42 #
43 # def find_book_by_permalink
44 # @book = Book.find_by_permalink!(params[:id])
45 # end
46 # end
dfd84a1 Ryan Bates improving inline documentation
authored
47 #
25a1c55 Ryan Bates adding :through option to replace :nesting option and moving ResourceAut...
authored
48 # If a name is provided which does not match the controller it assumes it is a parent resource. Child
49 # resources can then be loaded through it.
50 #
51 # class BooksController < ApplicationController
52 # load_resource :author
53 # load_resource :book, :through => :author
54 # end
55 #
56 # Here the author resource will be loaded before each action using params[:author_id]. The book resource
57 # will then be loaded through the @author instance variable.
58 #
59 # That first argument is optional and will default to the singular name of the controller.
60 # A hash of options (see below) can also be passed to this method to further customize it.
61 #
a5f9882 Ryan Bates turning load and authorize resource methods into class methods which set...
authored
62 # See load_and_authorize_resource to automatically authorize the resource too.
dfd84a1 Ryan Bates improving inline documentation
authored
63 #
63634b4 Ryan Bates Adding :collection and :new options to load_resource method so we can sp...
authored
64 # Options:
94e031b Ryan Bates Pass :only and :except options to before filters for load/authorize reso...
authored
65 # [:+only+]
66 # Only applies before filter to given actions.
dfd84a1 Ryan Bates improving inline documentation
authored
67 #
94e031b Ryan Bates Pass :only and :except options to before filters for load/authorize reso...
authored
68 # [:+except+]
69 # Does not apply before filter to given actions.
dfd84a1 Ryan Bates improving inline documentation
authored
70 #
25a1c55 Ryan Bates adding :through option to replace :nesting option and moving ResourceAut...
authored
71 # [:+through+]
c11ffb6 Ryan Bates support loading resource :through method along with instance variable - ...
authored
72 # Load this resource through another one. This should match the name of the parent instance variable or method.
2a3dd85 Ryan Bates adding :name option to load_and_authorize_resource if it does not match ...
authored
73 #
92995d7 Ryan Bates adding :through_association option to load_resource (thanks hunterae) - ...
authored
74 # [:+through_association+]
75 # The name of the association to fetch the child records through the parent resource. This is normally not needed
76 # because it defaults to the pluralized resource name.
77 #
264e2d2 Ryan Bates raise AccessDenied error when loading child while parent is nil, pass :s...
authored
78 # [:+shallow+]
79 # Pass +true+ to allow this resource to be loaded directly when parent is +nil+. Defaults to +false+.
80 #
c9e0f4e Ryan Bates renaming :singular resource option to :singleton
authored
81 # [:+singleton+]
82 # Pass +true+ if this is a singleton resource through a +has_one+ association.
84f4c90 Ryan Bates adding :singular option to support has_one associations in load/authoriz...
authored
83 #
25a1c55 Ryan Bates adding :through option to replace :nesting option and moving ResourceAut...
authored
84 # [:+parent+]
85 # True or false depending on if the resource is considered a parent resource. This defaults to +true+ if a resource
86 # name is given which does not match the controller.
2a3dd85 Ryan Bates adding :name option to load_and_authorize_resource if it does not match ...
authored
87 #
25a1c55 Ryan Bates adding :through option to replace :nesting option and moving ResourceAut...
authored
88 # [:+class+]
23a5888 Ryan Bates renaming :class option to :resource for load_and_authorize_resource whic...
authored
89 # The class to use for the model (string or constant).
dfd84a1 Ryan Bates improving inline documentation
authored
90 #
25a1c55 Ryan Bates adding :through option to replace :nesting option and moving ResourceAut...
authored
91 # [:+instance_name+]
92 # The name of the instance variable to load the resource into.
93 #
236cece Ryan Bates adding :find_by option to load_resource - closes #19
authored
94 # [:+find_by+]
95 # Find using a different attribute other than id. For example.
96 #
97 # load_resource :find_by => :permalink # will use find_by_permalink!(params[:id])
98 #
63634b4 Ryan Bates Adding :collection and :new options to load_resource method so we can sp...
authored
99 # [:+collection+]
100 # Specify which actions are resource collection actions in addition to :+index+. This
25a1c55 Ryan Bates adding :through option to replace :nesting option and moving ResourceAut...
authored
101 # is usually not necessary because it will try to guess depending on if the id param is present.
dfd84a1 Ryan Bates improving inline documentation
authored
102 #
63634b4 Ryan Bates Adding :collection and :new options to load_resource method so we can sp...
authored
103 # load_resource :collection => [:sort, :list]
dfd84a1 Ryan Bates improving inline documentation
authored
104 #
63634b4 Ryan Bates Adding :collection and :new options to load_resource method so we can sp...
authored
105 # [:+new+]
106 # Specify which actions are new resource actions in addition to :+new+ and :+create+.
107 # Pass an action name into here if you would like to build a new resource instead of
108 # fetch one.
dfd84a1 Ryan Bates improving inline documentation
authored
109 #
63634b4 Ryan Bates Adding :collection and :new options to load_resource method so we can sp...
authored
110 # load_resource :new => :build
dfd84a1 Ryan Bates improving inline documentation
authored
111 #
951d70e Ryan Bates adding :prepend option to load_and_authorize_resource - closes #290
authored
112 # [:+prepend+]
113 # Passing +true+ will use prepend_before_filter instead of a normal before_filter.
114 #
25a1c55 Ryan Bates adding :through option to replace :nesting option and moving ResourceAut...
authored
115 def load_resource(*args)
4eee637 Ryan Bates adding support for loading through Inherited Resources - closes #23
authored
116 cancan_resource_class.add_before_filter(self, :load_resource, *args)
a5f9882 Ryan Bates turning load and authorize resource methods into class methods which set...
authored
117 end
dfd84a1 Ryan Bates improving inline documentation
authored
118
25a1c55 Ryan Bates adding :through option to replace :nesting option and moving ResourceAut...
authored
119 # Sets up a before filter which authorizes the resource using the instance variable.
a5f9882 Ryan Bates turning load and authorize resource methods into class methods which set...
authored
120 # For example, if you have an ArticlesController it will check the @article instance variable
121 # and ensure the user can perform the current action on it. Under the hood it is doing
122 # something like the following.
dfd84a1 Ryan Bates improving inline documentation
authored
123 #
8903fee Ryan Bates removing unauthorized! in favor of authorize! and including more informa...
authored
124 # authorize!(params[:action].to_sym, @article || Article)
dfd84a1 Ryan Bates improving inline documentation
authored
125 #
ffa677b Ryan Bates Don't set resource instance variable if it has been set already - closes...
authored
126 # Call this method directly on the controller class.
dfd84a1 Ryan Bates improving inline documentation
authored
127 #
a5f9882 Ryan Bates turning load and authorize resource methods into class methods which set...
authored
128 # class BooksController < ApplicationController
129 # authorize_resource
130 # end
dfd84a1 Ryan Bates improving inline documentation
authored
131 #
25a1c55 Ryan Bates adding :through option to replace :nesting option and moving ResourceAut...
authored
132 # If you pass in the name of a resource which does not match the controller it will assume
133 # it is a parent resource.
134 #
135 # class BooksController < ApplicationController
136 # authorize_resource :author
137 # authorize_resource :book
138 # end
139 #
140 # Here it will authorize :+show+, @+author+ on every action before authorizing the book.
141 #
142 # That first argument is optional and will default to the singular name of the controller.
143 # A hash of options (see below) can also be passed to this method to further customize it.
144 #
a5f9882 Ryan Bates turning load and authorize resource methods into class methods which set...
authored
145 # See load_and_authorize_resource to automatically load the resource too.
dfd84a1 Ryan Bates improving inline documentation
authored
146 #
94e031b Ryan Bates Pass :only and :except options to before filters for load/authorize reso...
authored
147 # Options:
148 # [:+only+]
149 # Only applies before filter to given actions.
dfd84a1 Ryan Bates improving inline documentation
authored
150 #
94e031b Ryan Bates Pass :only and :except options to before filters for load/authorize reso...
authored
151 # [:+except+]
152 # Does not apply before filter to given actions.
dfd84a1 Ryan Bates improving inline documentation
authored
153 #
25a1c55 Ryan Bates adding :through option to replace :nesting option and moving ResourceAut...
authored
154 # [:+parent+]
155 # True or false depending on if the resource is considered a parent resource. This defaults to +true+ if a resource
156 # name is given which does not match the controller.
157 #
158 # [:+class+]
159 # The class to use for the model (string or constant). This is passed in when the instance variable is not set.
160 # Pass +false+ if there is no associated class for this resource and it will use a symbol of the resource name.
2a3dd85 Ryan Bates adding :name option to load_and_authorize_resource if it does not match ...
authored
161 #
25a1c55 Ryan Bates adding :through option to replace :nesting option and moving ResourceAut...
authored
162 # [:+instance_name+]
163 # The name of the instance variable for this resource.
2a3dd85 Ryan Bates adding :name option to load_and_authorize_resource if it does not match ...
authored
164 #
bf9b8ad Ryan Bates filling in some inline documentation for 1.4
authored
165 # [:+through+]
166 # Authorize conditions on this parent resource when instance isn't available.
167 #
951d70e Ryan Bates adding :prepend option to load_and_authorize_resource - closes #290
authored
168 # [:+prepend+]
169 # Passing +true+ will use prepend_before_filter instead of a normal before_filter.
170 #
25a1c55 Ryan Bates adding :through option to replace :nesting option and moving ResourceAut...
authored
171 def authorize_resource(*args)
4eee637 Ryan Bates adding support for loading through Inherited Resources - closes #23
authored
172 cancan_resource_class.add_before_filter(self, :authorize_resource, *args)
a5f9882 Ryan Bates turning load and authorize resource methods into class methods which set...
authored
173 end
1af6c6f Ryan Bates adding check_authorization and skip_authorization controller class metho...
authored
174
5732711 Ryan Bates adding skip load and authorize behavior - closes #164
authored
175 # Skip both the loading and authorization behavior of CanCan for this given controller. This is primarily
176 # useful to skip the behavior of a superclass. You can pass :only and :except options to specify which actions
177 # to skip the effects on. It will apply to all actions by default.
178 #
179 # class ProjectsController < SomeOtherController
180 # skip_load_and_authorize_resource :only => :index
181 # end
182 #
183 # You can also pass the resource name as the first argument to skip that resource.
184 def skip_load_and_authorize_resource(*args)
185 skip_load_resource(*args)
186 skip_authorize_resource(*args)
187 end
188
e561532 Manuel Meurer Fixed typos.
manuelmeurer authored
189 # Skip the loading behavior of CanCan. This is useful when using +load_and_authorize_resource+ but you want to
5732711 Ryan Bates adding skip load and authorize behavior - closes #164
authored
190 # only do authorization on certain actions. You can pass :only and :except options to specify which actions to
191 # skip the effects on. It will apply to all actions by default.
192 #
193 # class ProjectsController < ApplicationController
194 # load_and_authorize_resource
195 # skip_load_resource :only => :index
196 # end
197 #
198 # You can also pass the resource name as the first argument to skip that resource.
199 def skip_load_resource(*args)
200 options = args.extract_options!
201 name = args.first
202 cancan_skipper[:load][name] = options
203 end
204
e561532 Manuel Meurer Fixed typos.
manuelmeurer authored
205 # Skip the authorization behavior of CanCan. This is useful when using +load_and_authorize_resource+ but you want to
5732711 Ryan Bates adding skip load and authorize behavior - closes #164
authored
206 # only do loading on certain actions. You can pass :only and :except options to specify which actions to
207 # skip the effects on. It will apply to all actions by default.
208 #
209 # class ProjectsController < ApplicationController
210 # load_and_authorize_resource
211 # skip_authorize_resource :only => :index
212 # end
213 #
214 # You can also pass the resource name as the first argument to skip that resource.
215 def skip_authorize_resource(*args)
216 options = args.extract_options!
217 name = args.first
218 cancan_skipper[:authorize][name] = options
219 end
220
bf9b8ad Ryan Bates filling in some inline documentation for 1.4
authored
221 # Add this to a controller to ensure it performs authorization through an +authorize!+ or +authorize_resource+ call.
222 # If neither of these authorization methods is called, a CanCan::AuthorizationNotPerformed exception will be raised.
223 # This is normally added to the ApplicationController to ensure all controller actions do authorization.
224 #
225 # class ApplicationController < ActionController::Base
226 # check_authorization
227 # end
228 #
787511a Ryan Bates renaming skip_authorization to skip_authorization_check - closes #169
authored
229 # See skip_authorization_check to bypass this check on specific controller actions.
80f1ab2 Ryan Bates adding :if and :unless options to check_authorization - closes #284
authored
230 #
231 # Options:
232 # [:+only+]
233 # Only applies to given actions.
234 #
235 # [:+except+]
236 # Does not apply to given actions.
237 #
238 # [:+if+]
239 # Supply the name of a controller method to be called. The authorization check only takes place if this returns true.
240 #
241 # check_authorization :if => :admin_controller?
242 #
243 # [:+unless+]
244 # Supply the name of a controller method to be called. The authorization check only takes place if this returns false.
245 #
246 # check_authorization :unless => :devise_controller?
247 #
248 def check_authorization(options = {})
249 self.after_filter(options.slice(:only, :except)) do |controller|
250 next if controller.instance_variable_defined?(:@_authorized)
251 next if options[:if] && !controller.send(options[:if])
252 next if options[:unless] && controller.send(options[:unless])
253 raise AuthorizationNotPerformed, "This action failed the check_authorization because it does not authorize_resource. Add skip_authorization_check to bypass this check."
1af6c6f Ryan Bates adding check_authorization and skip_authorization controller class metho...
authored
254 end
255 end
bf9b8ad Ryan Bates filling in some inline documentation for 1.4
authored
256
257 # Call this in the class of a controller to skip the check_authorization behavior on the actions.
258 #
259 # class HomeController < ApplicationController
787511a Ryan Bates renaming skip_authorization to skip_authorization_check - closes #169
authored
260 # skip_authorization_check :only => :index
bf9b8ad Ryan Bates filling in some inline documentation for 1.4
authored
261 # end
262 #
263 # Any arguments are passed to the +before_filter+ it triggers.
787511a Ryan Bates renaming skip_authorization to skip_authorization_check - closes #169
authored
264 def skip_authorization_check(*args)
bf9b8ad Ryan Bates filling in some inline documentation for 1.4
authored
265 self.before_filter(*args) do |controller|
266 controller.instance_variable_set(:@_authorized, true)
267 end
268 end
4eee637 Ryan Bates adding support for loading through Inherited Resources - closes #23
authored
269
787511a Ryan Bates renaming skip_authorization to skip_authorization_check - closes #169
authored
270 def skip_authorization(*args)
271 raise ImplementationRemoved, "The CanCan skip_authorization method has been renamed to skip_authorization_check. Please update your code."
272 end
273
4eee637 Ryan Bates adding support for loading through Inherited Resources - closes #23
authored
274 def cancan_resource_class
275 if ancestors.map(&:to_s).include? "InheritedResources::Actions"
276 InheritedResource
277 else
278 ControllerResource
279 end
280 end
5732711 Ryan Bates adding skip load and authorize behavior - closes #164
authored
281
282 def cancan_skipper
283 @_cancan_skipper ||= {:authorize => {}, :load => {}}
284 end
a5f9882 Ryan Bates turning load and authorize resource methods into class methods which set...
authored
285 end
dfd84a1 Ryan Bates improving inline documentation
authored
286
44b36ce Ryan Bates adding controller additions with basic behavior.
authored
287 def self.included(base)
a5f9882 Ryan Bates turning load and authorize resource methods into class methods which set...
authored
288 base.extend ClassMethods
4e4c5a9 Ryan Bates adding current_ability to helper methods - closes #361
authored
289 base.helper_method :can?, :cannot?, :current_ability
44b36ce Ryan Bates adding controller additions with basic behavior.
authored
290 end
dfd84a1 Ryan Bates improving inline documentation
authored
291
8903fee Ryan Bates removing unauthorized! in favor of authorize! and including more informa...
authored
292 # Raises a CanCan::AccessDenied exception if the current_ability cannot
293 # perform the given action. This is usually called in a controller action or
294 # before filter to perform the authorization.
dfd84a1 Ryan Bates improving inline documentation
authored
295 #
b9227eb Ryan Bates adding a lot of inline documentation to code for rdocs
authored
296 # def show
297 # @article = Article.find(params[:id])
8903fee Ryan Bates removing unauthorized! in favor of authorize! and including more informa...
authored
298 # authorize! :read, @article
b9227eb Ryan Bates adding a lot of inline documentation to code for rdocs
authored
299 # end
dfd84a1 Ryan Bates improving inline documentation
authored
300 #
8903fee Ryan Bates removing unauthorized! in favor of authorize! and including more informa...
authored
301 # A :message option can be passed to specify a different message.
dfd84a1 Ryan Bates improving inline documentation
authored
302 #
8903fee Ryan Bates removing unauthorized! in favor of authorize! and including more informa...
authored
303 # authorize! :read, @article, :message => "Not authorized to read #{@article.name}"
dfd84a1 Ryan Bates improving inline documentation
authored
304 #
bf9b8ad Ryan Bates filling in some inline documentation for 1.4
authored
305 # You can also use I18n to customize the message. Action aliases defined in Ability work here.
306 #
307 # en:
308 # unauthorized:
309 # manage:
6c3e87e Ryan Bates updating readme and documentation
authored
310 # all: "Not authorized to %{action} %{subject}."
bf9b8ad Ryan Bates filling in some inline documentation for 1.4
authored
311 # user: "Not allowed to manage other user accounts."
312 # update:
313 # project: "Not allowed to update this project."
314 #
8903fee Ryan Bates removing unauthorized! in favor of authorize! and including more informa...
authored
315 # You can rescue from the exception in the controller to customize how unauthorized
316 # access is displayed to the user.
dfd84a1 Ryan Bates improving inline documentation
authored
317 #
b9227eb Ryan Bates adding a lot of inline documentation to code for rdocs
authored
318 # class ApplicationController < ActionController::Base
ef22de6 Ryan Bates adding custom message argument to unauthorized! method - closes #18
authored
319 # rescue_from CanCan::AccessDenied do |exception|
b2028c8 Ryan Bates moving :alert into redirect_to call in documentation
authored
320 # redirect_to root_url, :alert => exception.message
b9227eb Ryan Bates adding a lot of inline documentation to code for rdocs
authored
321 # end
322 # end
dfd84a1 Ryan Bates improving inline documentation
authored
323 #
8903fee Ryan Bates removing unauthorized! in favor of authorize! and including more informa...
authored
324 # See the CanCan::AccessDenied exception for more details on working with the exception.
dfd84a1 Ryan Bates improving inline documentation
authored
325 #
8903fee Ryan Bates removing unauthorized! in favor of authorize! and including more informa...
authored
326 # See the load_and_authorize_resource method to automatically add the authorize! behavior
327 # to the default RESTful actions.
a5f838a Ryan Bates use I18n for unauthorization messages - closes #103
authored
328 def authorize!(*args)
1af6c6f Ryan Bates adding check_authorization and skip_authorization controller class metho...
authored
329 @_authorized = true
a5f838a Ryan Bates use I18n for unauthorization messages - closes #103
authored
330 current_ability.authorize!(*args)
8903fee Ryan Bates removing unauthorized! in favor of authorize! and including more informa...
authored
331 end
dfd84a1 Ryan Bates improving inline documentation
authored
332
8903fee Ryan Bates removing unauthorized! in favor of authorize! and including more informa...
authored
333 def unauthorized!(message = nil)
334 raise ImplementationRemoved, "The unauthorized! method has been removed from CanCan, use authorize! instead."
44b36ce Ryan Bates adding controller additions with basic behavior.
authored
335 end
dfd84a1 Ryan Bates improving inline documentation
authored
336
ef5900c Ryan Bates adding caching to current_ability class method, if you're overriding thi...
authored
337 # Creates and returns the current user's ability and caches it. If you
338 # want to override how the Ability is defined then this is the place.
339 # Just define the method in the controller to change behavior.
dfd84a1 Ryan Bates improving inline documentation
authored
340 #
b9227eb Ryan Bates adding a lot of inline documentation to code for rdocs
authored
341 # def current_ability
ef5900c Ryan Bates adding caching to current_ability class method, if you're overriding thi...
authored
342 # # instead of Ability.new(current_user)
343 # @current_ability ||= UserAbility.new(current_account)
b9227eb Ryan Bates adding a lot of inline documentation to code for rdocs
authored
344 # end
dfd84a1 Ryan Bates improving inline documentation
authored
345 #
ef5900c Ryan Bates adding caching to current_ability class method, if you're overriding thi...
authored
346 # Notice it is important to cache the ability object so it is not
347 # recreated every time.
44b36ce Ryan Bates adding controller additions with basic behavior.
authored
348 def current_ability
ef5900c Ryan Bates adding caching to current_ability class method, if you're overriding thi...
authored
349 @current_ability ||= ::Ability.new(current_user)
baeef0b Ryan Bates adding conditions behavior to Ability#can and fetch with Ability#conditi...
authored
350 end
dfd84a1 Ryan Bates improving inline documentation
authored
351
5bd1a85 Ryan Bates little fixes to inline documentation (rdocs)
authored
352 # Use in the controller or view to check the user's permission for a given action
353 # and object.
dfd84a1 Ryan Bates improving inline documentation
authored
354 #
b9227eb Ryan Bates adding a lot of inline documentation to code for rdocs
authored
355 # can? :destroy, @project
dfd84a1 Ryan Bates improving inline documentation
authored
356 #
b9227eb Ryan Bates adding a lot of inline documentation to code for rdocs
authored
357 # You can also pass the class instead of an instance (if you don't have one handy).
dfd84a1 Ryan Bates improving inline documentation
authored
358 #
b9227eb Ryan Bates adding a lot of inline documentation to code for rdocs
authored
359 # <% if can? :create, Project %>
360 # <%= link_to "New Project", new_project_path %>
361 # <% end %>
dfd84a1 Ryan Bates improving inline documentation
authored
362 #
bf9b8ad Ryan Bates filling in some inline documentation for 1.4
authored
363 # If it's a nested resource, you can pass the parent instance in a hash. This way it will
364 # check conditions which reach through that association.
365 #
366 # <% if can? :create, @category => Project %>
367 # <%= link_to "New Project", new_project_path %>
368 # <% end %>
369 #
5bd1a85 Ryan Bates little fixes to inline documentation (rdocs)
authored
370 # This simply calls "can?" on the current_ability. See Ability#can?.
44b36ce Ryan Bates adding controller additions with basic behavior.
authored
371 def can?(*args)
ef5900c Ryan Bates adding caching to current_ability class method, if you're overriding thi...
authored
372 current_ability.can?(*args)
44b36ce Ryan Bates adding controller additions with basic behavior.
authored
373 end
dfd84a1 Ryan Bates improving inline documentation
authored
374
b9227eb Ryan Bates adding a lot of inline documentation to code for rdocs
authored
375 # Convenience method which works the same as "can?" but returns the opposite value.
dfd84a1 Ryan Bates improving inline documentation
authored
376 #
b9227eb Ryan Bates adding a lot of inline documentation to code for rdocs
authored
377 # cannot? :destroy, @project
dfd84a1 Ryan Bates improving inline documentation
authored
378 #
0f49b54 Ryan Bates adding 'cannot?' method which performs opposite check of 'can?' - closes...
authored
379 def cannot?(*args)
ef5900c Ryan Bates adding caching to current_ability class method, if you're overriding thi...
authored
380 current_ability.cannot?(*args)
0f49b54 Ryan Bates adding 'cannot?' method which performs opposite check of 'can?' - closes...
authored
381 end
44b36ce Ryan Bates adding controller additions with basic behavior.
authored
382 end
383 end
384
aaed265 Ryan Bates turning into a functioning Rails plugin
authored
385 if defined? ActionController
386 ActionController::Base.class_eval do
387 include CanCan::ControllerAdditions
388 end
1edf583 Ryan Bates BACKWARDS INCOMPATIBLE: use Ability#initialize instead of 'prepare' to s...
authored
389 end
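
An added example, not part of CanCan: a Rails-free stand-in that reproduces the @_authorized flag logic of check_authorization, skip_authorization_check and authorize! from the listing above. MiniController, DemoController, run and the sample permissions are hypothetical names and constructed data. It shows that because the check is an after filter, an action that forgets authorize! has already performed its side effect by the time AuthorizationNotPerformed is raised.

```ruby
# Added example: a Rails-free stand-in for the filter chain, not CanCan code.
class AccessDenied < StandardError; end
class AuthorizationNotPerformed < StandardError; end

# Hypothetical miniature controller base with before/after filters.
class MiniController
  class << self
    def before_filters; @before_filters ||= []; end
    def after_filters;  @after_filters  ||= []; end

    # Same decision logic as check_authorization: an after filter keyed on @_authorized.
    def check_authorization(options = {})
      check = lambda do |controller|
        next if controller.instance_variable_defined?(:@_authorized)
        next if options[:if] && !controller.send(options[:if])
        next if options[:unless] && controller.send(options[:unless])
        raise AuthorizationNotPerformed, "action never called authorize!"
      end
      after_filters.push(check)
    end

    # Same idea as skip_authorization_check: a before filter that sets the flag.
    def skip_authorization_check(options = {})
      only = Array(options[:only])
      skip = lambda do |controller|
        next unless only.empty? || only.include?(controller.action)
        controller.instance_variable_set(:@_authorized, true)
      end
      before_filters.push(skip)
    end
  end

  attr_reader :action, :audit

  # allowed is a constructed list of [action, subject] pairs standing in for an Ability.
  def initialize(allowed)
    @allowed = allowed
    @audit = [] # records side effects the action performed
  end

  # Like authorize! in the listing: the flag is set before the ability is consulted.
  def authorize!(action, subject)
    @_authorized = true
    raise AccessDenied, "cannot #{action} #{subject}" unless @allowed.include?([action, subject])
  end

  def process(action)
    @action = action
    self.class.before_filters.each { |filter| filter.call(self) }
    result = send(action)
    self.class.after_filters.each { |filter| filter.call(self) }
    result
  end
end

class DemoController < MiniController
  check_authorization
  skip_authorization_check :only => :health

  def show
    authorize!(:read, :report)
    :shown
  end

  def destroy
    authorize!(:destroy, :report) # raises here when denied, before the side effect
    audit.push("report deleted")
  end

  def purge
    audit.push("reports purged") # no authorize! call anywhere in this action
  end

  def health
    :ok
  end
end

# Runs one action on a fresh controller; returns [outcome, side effects performed].
def run(action, allowed = [[:read, :report]])
  controller = DemoController.new(allowed)
  outcome = begin
    controller.process(action)
    :completed
  rescue AccessDenied
    :access_denied
  rescue AuthorizationNotPerformed
    :authorization_not_performed
  end
  [outcome, controller.audit]
end

[:show, :destroy, :purge, :health].each { |name| puts "#{name}: #{run(name).inspect}" }
```

In the purge case the exception arrives only after the side effect, so check_authorization works as a fail-loud net for missing checks rather than as a gate; the gate is the authorize! or authorize_resource call itself.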