class Ability
Model for storing cancan permissions
Public Class Methods
new(user)
When a user is created, set up permissions based on the role and permission models. If the user has the super admin role, give access to all actions on all controllers.
@param user Optionally pass the user. A new user is created if no user is supplied.
# File lib/generators/devisable/templates/partials/_ability_class.rb, line 9
def initialize(user)
  user ||= User.new # guest user

  # Register one rule per permission row attached to each of the user's roles
  user.roles.each do |role|
    role.permissions.each do |permission|
      can permission.ability.downcase.to_sym, Object::const_get(permission.model)
      # 'manage' also registers the four custom actions
      if permission.ability.to_s == 'manage'
        ['view','edit','delete','add'].each do |action|
          can action.to_sym, Object::const_get(permission.model)
        end
      end
    end
  end

  if user.role? :super_admin
    can :manage, :all
  end

  #examples of some ways to have certain roles manage certain controllers
  #please see the user views on how to check for the permissions
  #if user.role? :super_admin
  #  can :manage, :all
  #elsif user.role? :product_admin
  #  can [:read, :update, :create, :destroy], [Product, Asset, Issue]
  #elsif user.role? :product_team
  #  can :read, [Product, Asset]
  #  # manage products, assets he owns
  #  can :manage, Product do |product|
  #    can :read, Product, :active => true, :user_id => user.id
  #    can :read, Project, :category => { :visible => true }
  #    can :read, Project, :priority => 1..3
  #  end
  #  can :manage, Asset do |asset|
  #    asset.assetable.try(:owner) == user
  #  end
  #end

  ##If you want to add a permissions scaffold to replace the roles_users
  #def initialize(user)
  #  can do |action, subject_class, subject|
  #    user.permissions.find_all_by_action(action).any? do |permission|
  #      permission.subject_class == subject_class.to_s &&
  #        (subject.nil? || permission.subject_id.nil? || permission.subject_id == subject.id)
  #    end
  #  end
  #end
end
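An added example, not part of the generator's own code: a stand-alone Ruby sketch of how the role and permission loop above turns permission rows into the arguments passed to can. It assumes one hardening that the template does not have, an allowlist of model names in place of Object::const_get, and every name in it (PermissionRow, PERMITTED_MODELS, EXPANDED_ACTIONS, rules_for, the sample rows) is hypothetical.

```ruby
# Added example: runs without Rails or CanCan. PermissionRow, PERMITTED_MODELS,
# EXPANDED_ACTIONS and rules_for are hypothetical names, not generator code.
PermissionRow = Struct.new(:ability, :model)

# Constructed stand-ins for application models.
class Product; end
class Asset; end

# Assumption: only names listed here may become rule subjects. The generated
# initializer instead passes permission.model straight to Object::const_get.
PERMITTED_MODELS = { 'Product' => Product, 'Asset' => Asset }.freeze
EXPANDED_ACTIONS = %w[view edit delete add].freeze

# Returns [rules, rejected]. Each rule is an [action, class] pair, the two
# arguments the initializer would hand to `can`.
def rules_for(rows)
  rules = []
  rejected = []
  rows.each do |row|
    klass = PERMITTED_MODELS[row.model.to_s]
    ability = row.ability.to_s.strip.downcase
    if klass.nil? || ability.empty?
      rejected << row # skip the row instead of raising
      next
    end
    rules << [ability.to_sym, klass]
    # Normalised comparison: the original compares the raw string with
    # 'manage', so a stored 'Manage' would not be expanded there.
    next unless ability == 'manage'
    EXPANDED_ACTIONS.each { |action| rules << [action.to_sym, klass] }
  end
  [rules.uniq, rejected]
end

# Constructed sample rows.
SAMPLE_ROWS = [
  PermissionRow.new('Manage', 'Product'),
  PermissionRow.new('view', 'Asset'),
  PermissionRow.new('view', 'Kernel'),     # a real constant, but not a model
  PermissionRow.new('edit', 'NoSuchModel') # const_get would raise NameError
].freeze

if __FILE__ == $PROGRAM_NAME
  rules, rejected = rules_for(SAMPLE_ROWS)
  rules.each { |action, klass| puts "can :#{action}, #{klass}" }
  rejected.each { |row| puts "rejected: #{row.ability} on #{row.model}" }
end
```

Rejected rows are returned rather than dropped silently so that a caller can log them and a mistyped or unexpected model name in the permissions table is noticed.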