module Eaco::Controller::ClassMethods

Controller authorization DSL.

Public Instance Methods

authorize(*actions)

Defines the ability required to access a given controller action.

Example:

class DocumentsController < ApplicationController
  authorize :index,           [:folder, :index]
  authorize :show,            [:folder, :read]
  authorize :create, :update, [:folder, :write]
end

Here +@folder+ is expected to be an authorized Resource. For the index action, the current_user is checked with +can?(:index, @folder)+; for show, with +can?(:read, @folder)+; and for create and update, with +can?(:write, @folder)+.

The special :all action name requires the given ability on the given Resource for all actions.

If an action has no authorization defined and no :all rule exists, access is granted.

Adds {Controller#confront_eaco} as a before_filter (before_action on ActionPack 5).

@param actions [Variadic] see above.

@return void

# File lib/eaco/controller.rb, line 51
def authorize(*actions)
  target = actions.pop

  actions.each {|action| authorization_permissions.update(action => target)}

  @_eaco_filter_installed ||= begin
    if ActionPack::VERSION::MAJOR == 5
      before_action :confront_eaco
    else
      before_filter :confront_eaco
    end

    true
  end
end

permission_for(action)

Gets the permission required to access the given action, falling back on the default :all action, or nil if no permission is defined.

@return [Symbol] the required permission or nil

@see {Eaco::Resource}

@see {Eaco::DSL::Resource}

# File lib/eaco/controller.rb, line 77
def permission_for(action)
  authorization_permissions[action] || authorization_permissions[:all]
end
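
Because permission_for returns nil for an action with no rule and no :all fallback, that action is served without any check. The following added example (not Eaco's own code) audits a controller for such actions; AuthorizeDSL is a stand-in that mirrors the two methods shown on this page, and unprotected_actions, ACTIONS and both controllers are hypothetical names constructed for the illustration.

```ruby
# Stand-in for Eaco::Controller::ClassMethods so this runs without Rails:
# same bookkeeping as the page's methods, minus the before-filter install.
module AuthorizeDSL
  def authorize(*actions)
    target = actions.pop
    actions.each { |action| authorization_permissions.update(action => target) }
  end

  def permission_for(action)
    authorization_permissions[action] || authorization_permissions[:all]
  end

  def authorization_permissions
    @_authorization_permissions ||= {}
  end
end

# Constructed action list shared by both sample controllers.
ACTIONS = %i[index show create update destroy].freeze

# Hypothetical audit helper (not part of Eaco): public actions for which
# permission_for returns nil, i.e. actions that are served with no check.
def unprotected_actions(controller)
  controller.public_instance_methods(false).sort.reject do |action|
    controller.permission_for(action)
  end
end

# Constructed controller: destroy exists but was never given a rule.
class DocumentsController
  extend AuthorizeDSL
  ACTIONS.each { |name| define_method(name) {} }

  authorize :index,           [:folder, :index]
  authorize :show,            [:folder, :read]
  authorize :create, :update, [:folder, :write]
end

# Same actions with an :all rule as the default; show keeps its own rule.
class LockedDocumentsController
  extend AuthorizeDSL
  ACTIONS.each { |name| define_method(name) {} }

  authorize :all,  [:folder, :write]
  authorize :show, [:folder, :read]
end
```

Run as a test in CI, a check like this fails the build when a new action ships without a rule; in a Rails application the action list would come from the controller's action_methods rather than public_instance_methods.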

Protected Instance Methods

authorization_permissions()

Permission requirements configured on this controller, keyed by permission symbol and with role symbols as values.

@return [Hash]

@see {Eaco::DSL::Resource}

# File lib/eaco/controller.rb, line 90
def authorization_permissions
  @_authorization_permissions ||= {}
end