class Wallaby::CancancanAuthorizationProvider
@note This authorization provider DOES NOT use the existing
{https://www.rubydoc.info/github/CanCanCommunity/cancancan/CanCan%2FControllerAdditions:current_ability current_ability} helper. It has its own version of {#ability} instance.
{github.com/CanCanCommunity/cancancan CanCanCan} base authorization provider.
Attributes
ability[W]
@!attribute [w] ability
Public Class Methods
available?(context)
click to toggle source
Detect and see if CanCanCan is in use. @param context [ActionController::Base, ActionView::Base] @return [true] if CanCanCan is in use @return [false] otherwise.
# File lib/authorizers/wallaby/cancancan_authorization_provider.rb, line 13 def self.available?(context) defined?(CanCanCan) && context.respond_to?(:current_ability) end
Public Instance Methods
ability()
click to toggle source
@!attribute [r] ability @return [Ability] the Ability instance for {#user user} (which is a
{Wallaby::AuthenticationConcern#wallaby_user #wallaby_user})
# File lib/authorizers/wallaby/cancancan_authorization_provider.rb, line 23 def ability # NOTE: use current_ability's class to create the ability instance. # just in case that developer uses a different Ability class (e.g. UserAbility) @ability ||= options[:ability] || Ability.new(user) rescue ArgumentError, NameError context.current_ability end
accessible_for(action, scope)
click to toggle source
Restrict user to access certain scope/query. @param action [Symbol, String] @param scope [Object] @return [Object]
# File lib/authorizers/wallaby/cancancan_authorization_provider.rb, line 59 def accessible_for(action, scope) scope.try(:accessible_by, ability, action) || scope end
permit_params(action, subject)
click to toggle source
Simply return nil as CanCanCan doesn't provide such a feature. @param action [Symbol, String] @param subject [Object] @return [nil]
# File lib/authorizers/wallaby/cancancan_authorization_provider.rb, line 74 def permit_params(action, subject) # Do nothing end