module RighterForApplicationController
Public Class Methods
included(controller_klass)
# File lib/injections/righter_for_application_controller.rb, line 2
# Mixin hook: runs when this module is included into a controller class and
# registers :enforce_righter as a before filter on that class, so the
# controller/action access check runs ahead of the controller's actions.
#
# NOTE(review): a filter registered here can still be skipped further down
# the class hierarchy (skip_before_filter). Each such skip bypasses the
# check, so audit subclasses for them. before_filter was removed in
# Rails 5.1 in favour of before_action.
#
# @param controller_klass [Class] the class that is including this module
def self.included(controller_klass)
  filter_name = :enforce_righter
  controller_klass.before_filter(filter_name)
end
Public Instance Methods
enforce_resource_security(right_name, resource, options = {})
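# File lib/injections/righter_for_application_controller.rb, line 16
# Checks that the current user holds +right_name+ on one specific resource.
#
# Unlike the controller/action filter, nothing calls this automatically: an
# action that loads a resource and forgets to call it gets no per-resource
# check at all.
#
# @param right_name [Object] name of the right, passed to the user as :right
# @param resource [Object] the loaded resource, passed to the user as :resource
# @param options [Hash] extra entries forwarded to righter_accessible?;
#   the caller's hash is left untouched
# @return [nil] when access is granted
# @raise [RighterNoUserError] when righter_user returns nil/false
# @raise [RighterError] when righter_accessible? returns a falsy value
def enforce_resource_security(right_name, resource, options = {})
  # currently need to call this manually as soon as the instance of the resource is retrieved in the controller action
  u = righter_user
  fail RighterNoUserError unless u

  # Merge into a copy: merge! wrote :resource/:right back into the caller's
  # hash, so a hash reused for a second check carried the previous resource
  # along, and a frozen hash raised before the check ever ran.
  check = options.merge(resource: resource, right: right_name)
  return if u.righter_accessible?(check)

  # NOTE(review): the message embeds the login and resource.inspect. If the
  # application renders or logs RighterError messages where the denied user
  # can read them, inspect output may expose the very attributes being
  # protected -- confirm how this error is rescued.
  fail RighterError, "user #{u.login} is not authorized to '#{right_name}' resource #{resource.inspect}"
end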
enforce_righter()
# File lib/injections/righter_for_application_controller.rb, line 6
# Controller/action access check.
#
# Reads the controller and action names from params, turns both into
# symbols and asks the current user whether that pair is accessible.
# This covers only the controller/action pair; it does not look at any
# individual record the action goes on to load.
#
# @return [nil] when access is granted
# @raise [RighterNoUserError] when righter_user returns nil/false
# @raise [RighterError] when righter_accessible? returns a falsy value
def enforce_righter
  current = righter_user
  fail RighterNoUserError.new unless current

  ctrl = params[:controller].to_sym
  act = params[:action].to_sym
  return if current.righter_accessible?(controller: ctrl, action: act)

  # The denial message carries the login and the requested route.
  fail RighterError.new("user #{current.login} is trying to reach prohibited content: #{ctrl}/#{act}")
end
righter_user()
Override this method in your application to supply the user whose rights are checked. @return [User]
# File lib/injections/righter_for_application_controller.rb, line 28
# Supplies the user whose rights are checked; the default implementation
# delegates to User.current_user. Override in the application when the
# current user is obtained differently.
#
# NOTE(review): how User.current_user is stored is not visible here. A
# class-level accessor must be scoped to, and reset for, every request;
# otherwise one request can be evaluated with another request's user.
#
# @return [User]
def righter_user
  current = User.current_user
  current
end