Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Added load_and_authorize_resource! #762

Open
wants to merge 1 commit into from

3 participants

@ollym

Same pull request as I had before, just putting it into a separate branch.

@qnm

HI @ollym

Can you describe the use case for this PR? This is so the the maintainers can understand what problem the PR solves. Example code for how you would use it would be great!

@ollym

Ok, so for example.

routes.rb

resources :users do
  resources :tokens
end

resources :accounts do
  resources :tokens
end

resources :tokens

tokens_controller.rb

class TokensController < ApplicationController
  before_filter -> {
    if params[:account_id]
      load_and_authorize_resource! :account
      load_and_authorize_resource! :token, through: :account
    elsif params[:user_id]
      load_and_authorize_resource! :user
      load_and_authorize_resource! :token, through: :user
    else
      load_and_authorize_resource! :token
    end
  }

  # ...
end

@qnm Are you now maintaining cancan btw?

@qnm

@ollym No mate, just trying to triage some of the older PRs and issues.

@ryanb Mind looking at this load_and_authorize_resource! controller mixin PR, please? It provides load_and_authorize_resource for arbitrary resources.

@xhoy

Dear submitter, Since cancan/raynB hasn't been active for more than 6 months and no body else then ryam himself has commit permissions the cancan project is on a stand still.
Since cancan has several issues including missing support for rails 4 cancan is moving forward to cancancan. More details on: #994

If your feel that your pull request or bug is still applicable (and hasn't been merged in to cancan) it would be really appreciated if you would resubmit it to cancancan (https://github.com/cancancommunity/cancancan)

We hope to see you on the other side!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Oct 8, 2012
  1. @ollym
This page is out of date. Refresh to see the latest.
View
17 lib/cancan/controller_additions.rb
@@ -382,6 +382,23 @@ def can?(*args)
def cannot?(*args)
current_ability.cannot?(*args)
end
+
+ # Loads and authorizes a resource at runtime within the controller instance.
+ #
+ # before_filter lambda {
+ # if params.has_key? :parent_id
+ # load_and_authorize_resource! :parent
+ # load_and_authorize_resource! through: :parent
+ # else
+ # load_and_authorize_resource!
+ # end
+ # }
+ #
+ def load_and_authorize_resource!(*args)
+ options = args.extract_options!.merge({:load => true, :authorize => true})
+ resource_name = args.first
+ self.class.cancan_resource_class.new(self, resource_name, options.except(:only, :except)).process
+ end
end
end
View
7 spec/cancan/controller_additions_spec.rb
@@ -115,4 +115,11 @@
@controller_class.enable_authorization { |e| @block_called = (e == :exception) }
@block_called.should be_true
end
+
+ it "load_and_authorize_resource! should work as a instance class method" do
+ controller_resource = double("controller_resource")
+ controller_resource.should_receive(:process)
+ CanCan::ControllerResource.stub(:new).with(@controller, nil, :load => true, :authorize => true, :foo => :bar) { controller_resource }
+ @controller.load_and_authorize_resource!(:foo => :bar)
+ end
end
Something went wrong with that request. Please try again.