100644 393 lines (374 sloc) 15.952 kb
44b36ce Ryan Bates adding controller additions with basic behavior.
authored
module CanCan

  # This module is automatically included into all controllers.
  # It also makes the "can?" and "cannot?" methods available to all views.
  module ControllerAdditions
    module ClassMethods
      # Sets up a before filter which loads and authorizes the current resource. This performs both
      # load_resource and authorize_resource and accepts the same arguments. See those methods for details.
      #
      #   class BooksController < ApplicationController
      #     load_and_authorize_resource
      #   end
      #
      def load_and_authorize_resource(*args)
        cancan_resource_class.add_before_filter(self, :load_and_authorize_resource, *args)
      end

      # Sets up a before filter which loads the model resource into an instance variable.
      # For example, given an ArticlesController it will load the current article into the @article
      # instance variable. It does this by either calling Article.find(params[:id]) or
      # Article.new(params[:article]) depending upon the action. The index action will
      # automatically set @articles to Article.accessible_by(current_ability).
      #
      # If a conditions hash is used in the Ability, the +new+ and +create+ actions will set
      # the initial attributes based on these conditions. This way these actions will satisfy
      # the ability restrictions.
      #
      # Call this method directly on the controller class.
      #
      #   class BooksController < ApplicationController
      #     load_resource
      #   end
      #
      # A resource is not loaded if the instance variable is already set. This makes it easy to override
      # the behavior through a before_filter on certain actions.
      #
      #   class BooksController < ApplicationController
      #     before_filter :find_book_by_permalink, :only => :show
      #     load_resource
      #
      #     private
      #
      #     def find_book_by_permalink
      #       @book = Book.find_by_permalink!(params[:id])
      #     end
      #   end
      #
      # If a name is provided which does not match the controller it assumes it is a parent resource. Child
      # resources can then be loaded through it.
      #
      #   class BooksController < ApplicationController
      #     load_resource :author
      #     load_resource :book, :through => :author
      #   end
      #
      # Here the author resource will be loaded before each action using params[:author_id]. The book resource
      # will then be loaded through the @author instance variable.
      #
      # That first argument is optional and will default to the singular name of the controller.
      # A hash of options (see below) can also be passed to this method to further customize it.
      #
      # See load_and_authorize_resource to automatically authorize the resource too.
      #
      # Options:
      # [:+only+]
      #   Only applies before filter to given actions.
      #
      # [:+except+]
      #   Does not apply before filter to given actions.
      #
      # [:+through+]
      #   Load this resource through another one. This should match the name of the parent instance variable or method.
      #
      # [:+through_association+]
      #   The name of the association to fetch the child records through the parent resource. This is normally not needed
      #   because it defaults to the pluralized resource name.
      #
      # [:+shallow+]
      #   Pass +true+ to allow this resource to be loaded directly when parent is +nil+. Defaults to +false+.
      #
      # [:+singleton+]
      #   Pass +true+ if this is a singleton resource through a +has_one+ association.
      #
      # [:+parent+]
      #   True or false depending on if the resource is considered a parent resource. This defaults to +true+ if a resource
      #   name is given which does not match the controller.
      #
      # [:+class+]
      #   The class to use for the model (string or constant).
      #
      # [:+instance_name+]
      #   The name of the instance variable to load the resource into.
      #
      # [:+find_by+]
      #   Find using an attribute other than id. For example:
      #
      #     load_resource :find_by => :permalink # will use find_by_permalink!(params[:id])
      #
      # [:+collection+]
      #   Specify which actions are resource collection actions in addition to :+index+. This
      #   is usually not necessary because it will try to guess depending on if the id param is present.
      #
      #     load_resource :collection => [:sort, :list]
      #
      # [:+new+]
      #   Specify which actions are new resource actions in addition to :+new+ and :+create+.
      #   Pass an action name into here if you would like to build a new resource instead of
      #   fetch one.
      #
      #     load_resource :new => :build
      #
      # [:+prepend+]
      #   Passing +true+ will use prepend_before_filter instead of a normal before_filter.
      #
      def load_resource(*args)
        cancan_resource_class.add_before_filter(self, :load_resource, *args)
      end

      # Sets up a before filter which authorizes the resource using the instance variable.
      # For example, if you have an ArticlesController it will check the @article instance variable
      # and ensure the user can perform the current action on it. Under the hood it is doing
      # something like the following.
      #
      #   authorize!(params[:action].to_sym, @article || Article)
      #
      # Call this method directly on the controller class.
      #
      #   class BooksController < ApplicationController
      #     authorize_resource
      #   end
      #
      # If you pass in the name of a resource which does not match the controller it will assume
      # it is a parent resource.
      #
      #   class BooksController < ApplicationController
      #     authorize_resource :author
      #     authorize_resource :book
      #   end
      #
      # Here it will authorize :+show+, @+author+ on every action before authorizing the book.
      #
      # That first argument is optional and will default to the singular name of the controller.
      # A hash of options (see below) can also be passed to this method to further customize it.
      #
      # See load_and_authorize_resource to automatically load the resource too.
      #
      # Options:
      # [:+only+]
      #   Only applies before filter to given actions.
      #
      # [:+except+]
      #   Does not apply before filter to given actions.
      #
      # [:+singleton+]
      #   Pass +true+ if this is a singleton resource through a +has_one+ association.
      #
      # [:+parent+]
      #   True or false depending on if the resource is considered a parent resource. This defaults to +true+ if a resource
      #   name is given which does not match the controller.
      #
      # [:+class+]
      #   The class to use for the model (string or constant). This is passed in when the instance variable is not set.
      #   Pass +false+ if there is no associated class for this resource and it will use a symbol of the resource name.
      #
      # [:+instance_name+]
      #   The name of the instance variable for this resource.
      #
      # [:+through+]
      #   Authorize conditions on this parent resource when instance isn't available.
      #
      # [:+prepend+]
      #   Passing +true+ will use prepend_before_filter instead of a normal before_filter.
      #
      def authorize_resource(*args)
        cancan_resource_class.add_before_filter(self, :authorize_resource, *args)
      end

      # Skip both the loading and authorization behavior of CanCan for this given controller. This is primarily
      # useful to skip the behavior of a superclass. You can pass :only and :except options to specify which actions
      # to skip the effects on. It will apply to all actions by default.
      #
      #   class ProjectsController < SomeOtherController
      #     skip_load_and_authorize_resource :only => :index
      #   end
      #
      # You can also pass the resource name as the first argument to skip that resource.
      def skip_load_and_authorize_resource(*args)
        skip_load_resource(*args)
        skip_authorize_resource(*args)
      end

      # Skip the loading behavior of CanCan. This is useful when you are using +load_and_authorize_resource+ but
      # only want to do authorization on certain actions. You can pass :only and :except options to specify which
      # actions to skip the effects on. It will apply to all actions by default.
      #
      #   class ProjectsController < ApplicationController
      #     load_and_authorize_resource
      #     skip_load_resource :only => :index
      #   end
      #
      # You can also pass the resource name as the first argument to skip that resource.
      def skip_load_resource(*args)
        options = args.extract_options!
        name = args.first
        cancan_skipper[:load][name] = options
      end

      # Skip the authorization behavior of CanCan. This is useful when you are using +load_and_authorize_resource+ but
      # only want to do loading on certain actions. You can pass :only and :except options to specify which actions to
      # skip the effects on. It will apply to all actions by default.
      #
      #   class ProjectsController < ApplicationController
      #     load_and_authorize_resource
      #     skip_authorize_resource :only => :index
      #   end
      #
      # You can also pass the resource name as the first argument to skip that resource.
      def skip_authorize_resource(*args)
        options = args.extract_options!
        name = args.first
        cancan_skipper[:authorize][name] = options
      end

      # Add this to a controller to ensure it performs authorization through an +authorize+! or +authorize_resource+ call.
      # If neither of these authorization methods is called, a CanCan::AuthorizationNotPerformed exception will be raised.
      # This is normally added to the ApplicationController to ensure all controller actions do authorization.
      #
      #   class ApplicationController < ActionController::Base
      #     check_authorization
      #   end
      #
      # See skip_authorization_check to bypass this check on specific controller actions.
      #
      # Options:
      # [:+only+]
      #   Only applies to given actions.
      #
      # [:+except+]
      #   Does not apply to given actions.
      #
      # [:+if+]
      #   Supply the name of a controller method to be called. The authorization check only takes place if this returns true.
      #
      #     check_authorization :if => :admin_controller?
      #
      # [:+unless+]
      #   Supply the name of a controller method to be called. The authorization check only takes place if this returns false.
      #
      #     check_authorization :unless => :devise_controller?
      #
      def check_authorization(options = {})
        self.after_filter(options.slice(:only, :except)) do |controller|
          next if controller.instance_variable_defined?(:@_authorized)
          next if options[:if] && !controller.send(options[:if])
          next if options[:unless] && controller.send(options[:unless])
          raise AuthorizationNotPerformed, "This action failed the check_authorization because it does not authorize_resource. Add skip_authorization_check to bypass this check."
        end
      end

      # Call this in the class of a controller to skip the check_authorization behavior on the actions.
      #
      #   class HomeController < ApplicationController
      #     skip_authorization_check :only => :index
      #   end
      #
      # Any arguments are passed to the +before_filter+ it triggers.
      def skip_authorization_check(*args)
        self.before_filter(*args) do |controller|
          controller.instance_variable_set(:@_authorized, true)
        end
      end

      def skip_authorization(*args)
        raise ImplementationRemoved, "The CanCan skip_authorization method has been renamed to skip_authorization_check. Please update your code."
      end

      def cancan_resource_class
        if ancestors.map(&:to_s).include? "InheritedResources::Actions"
          InheritedResource
        else
          ControllerResource
        end
      end

      def cancan_skipper
        @_cancan_skipper ||= {:authorize => {}, :load => {}}
      end
    end

    def self.included(base)
      base.extend ClassMethods
      base.helper_method :can?, :cannot?, :current_ability
    end

    # Raises a CanCan::AccessDenied exception if the current_ability cannot
    # perform the given action. This is usually called in a controller action or
    # before filter to perform the authorization.
    #
    #   def show
    #     @article = Article.find(params[:id])
    #     authorize! :read, @article
    #   end
    #
    # A :message option can be passed to specify a different message.
    #
    #   authorize! :read, @article, :message => "Not authorized to read #{@article.name}"
    #
    # You can also use I18n to customize the message. Action aliases defined in Ability work here.
    #
    #   en:
    #     unauthorized:
    #       manage:
    #         all: "Not authorized to %{action} %{subject}."
    #         user: "Not allowed to manage other user accounts."
    #       update:
    #         project: "Not allowed to update this project."
    #
    # You can rescue from the exception in the controller to customize how unauthorized
    # access is displayed to the user.
    #
    #   class ApplicationController < ActionController::Base
    #     rescue_from CanCan::AccessDenied do |exception|
    #       redirect_to root_url, :alert => exception.message
    #     end
    #   end
    #
    # See the CanCan::AccessDenied exception for more details on working with the exception.
    #
    # See the load_and_authorize_resource method to automatically add the authorize! behavior
    # to the default RESTful actions.
    def authorize!(*args)
      @_authorized = true
      current_ability.authorize!(*args)
    end

    def unauthorized!(message = nil)
      raise ImplementationRemoved, "The unauthorized! method has been removed from CanCan, use authorize! instead."
    end

    # Creates and returns the current user's ability and caches it. If you
    # want to override how the Ability is defined then this is the place.
    # Just define the method in the controller to change behavior.
    #
    #   def current_ability
    #     # instead of Ability.new(current_user)
    #     @current_ability ||= UserAbility.new(current_account)
    #   end
    #
    # Notice it is important to cache the ability object so it is not
    # recreated every time.
    def current_ability
      @current_ability ||= ::Ability.new(current_user)
    end

    # Use in the controller or view to check the user's permission for a given action
    # and object.
    #
    #   can? :destroy, @project
    #
    # You can also pass the class instead of an instance (if you don't have one handy).
    #
    #   <% if can? :create, Project %>
    #     <%= link_to "New Project", new_project_path %>
    #   <% end %>
    #
    # If it's a nested resource, you can pass the parent instance in a hash. This way it will
    # check conditions which reach through that association.
    #
    #   <% if can? :create, @category => Project %>
    #     <%= link_to "New Project", new_project_path %>
    #   <% end %>
    #
    # This simply calls "can?" on the current_ability. See Ability#can?.
    def can?(*args)
      current_ability.can?(*args)
    end

    # Convenience method which works the same as "can?" but returns the opposite value.
    #
    #   cannot? :destroy, @project
    #
    def cannot?(*args)
      current_ability.cannot?(*args)
    end
  end
end

if defined? ActionController
  ActionController::Base.class_eval do
    include CanCan::ControllerAdditions
  end
end
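
The `@_authorized` flag shared by `authorize!`, `skip_authorization_check` and `check_authorization`, as a stand-alone simulation added here (not CanCan's own code and not part of the file above). `MiniController`, `DemoAbility` and `run_case` are hypothetical names and the records are constructed; it shows that because the check runs as an after filter, an action that never authorizes has already executed by the time `AuthorizationNotPerformed` is raised.

```ruby
# Stand-alone simulation: no Rails and no CanCan gem required.
# All class and method names are hypothetical; only the @_authorized
# flag logic follows the file above.
class AccessDenied < StandardError; end
class AuthorizationNotPerformed < StandardError; end

# Constructed ability: anyone may :read, only the owner may :destroy.
class DemoAbility
  def initialize(user)
    @user = user
  end

  def can?(action, record)
    return true if action == :read
    action == :destroy && record[:owner] == @user
  end

  def authorize!(action, record)
    raise AccessDenied, "Not authorized to #{action}" unless can?(action, record)
    record
  end
end

class MiniController
  attr_reader :log

  def initialize(user, skip_check_for: [])
    @user = user
    @skip_check_for = skip_check_for # stands in for skip_authorization_check :only => [...]
    @log = []                        # side effects performed by actions
  end

  def current_ability
    @current_ability ||= DemoAbility.new(@user)
  end

  # Same two steps as authorize! above: set the flag, then delegate.
  def authorize!(*args)
    @_authorized = true
    current_ability.authorize!(*args)
  end

  # One request: before filter, action, after filter.
  def process(action, record)
    @_authorized = true if @skip_check_for.include?(action)  # before filter
    send(action, record)                                      # the action
    return :ok if instance_variable_defined?(:@_authorized)  # after filter
    raise AuthorizationNotPerformed, "#{action} did not authorize"
  end

  def show(record)
    authorize! :read, record
    @log << [:shown, record[:id]]
  end

  def destroy(record)
    authorize! :destroy, record
    @log << [:destroyed, record[:id]]
  end

  # Deliberately missing authorize!: the gap check_authorization reports.
  def purge(record)
    @log << [:purged, record[:id]]
  end

  # Public action exempted from the check, like a skipped home page.
  def health(_record)
    @log << [:health]
  end
end

# Returns [outcome, side_effects] for one request on a constructed record.
def run_case(action, user:, owner: "alice", skip: [])
  controller = MiniController.new(user, skip_check_for: skip)
  outcome = begin
    controller.process(action, { id: 1, owner: owner })
  rescue AccessDenied
    :access_denied
  rescue AuthorizationNotPerformed
    :authorization_not_performed
  end
  [outcome, controller.log]
end

if __FILE__ == $PROGRAM_NAME
  p run_case(:destroy, user: "bob") # denied before the action body runs
  p run_case(:purge, user: "bob")   # flagged, but the purge already happened
end
```

Treat `AuthorizationNotPerformed` as a development and test-time signal that an action lacks a check, not as the control that prevents the action from running.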