class Object

Public Instance Methods

admin()
# File lib/generators/action_permission/permission/templates/permission.rb, line 39
# Permissions for the admin role.
#
# Calls allow_rest_actions without a block and allow_params without options,
# so neither an ownership check nor an :except/:only restriction is applied
# to this role in this method.
# NOTE(review): per the template's own comments, allow_params with no options
# gives access to everything listed in #params -- confirm that is intended
# for every attribute before relying on this default.
#
# @return the value returned by allow_params
def admin
  allow_rest_actions()
  allow_params()
end
index()

GET <%= route_url %>
GET <%= route_url %>.json

# File lib/generators/rails/templates/controller.rb, line 5
# Scaffold template for the generated controller's index action. The <%= %>
# tags are expanded by the generator, so this is ERB text rather than plain
# Ruby until it has been rendered. (This listing stops before the method's
# closing `end`.)
#
# NOTE(review): nothing visible in this action scopes the collection to the
# requesting user, paginates it, or limits which attributes are serialized;
# the whole collection is handed to `render json:`. Confirm that
# authorization and field exposure are enforced elsewhere before the .json
# route is reachable.
def index
  # The instance variable name and the right-hand side are both generated:
  # the expression is whatever orm_class.all(class_name) renders to.
  @<%= plural_table_name %> = <%= orm_class.all(class_name) %>

  respond_to do |format|
    format.html # index.html.erb
    # JSON responses serialize the same collection that was loaded above.
    format.json { render json: <%= "@#{plural_table_name}" %> }
  end
params()

Defines the parameters for requests coming to the associated object/controller. It typically defines all attributes and uses the except option to exclude params on a per-role basis.

# File lib/generators/action_permission/permission/templates/permission.rb, line 7
# Template for the generated permission class's #params. The ERB tag turns
# each entry of the generator's `attributes` into a ":name" symbol literal,
# sorts those strings and joins them with ", ", so the generated method
# returns one array that lists every one of those attributes.
#
# NOTE(review): this list is the widest set a role can be given. Per the
# template's comments, a role that calls allow_params with no options gets
# all of it, so attributes that should not be user-writable need to be
# dropped here or excluded with :except / :only in each role method.
def params
  [<%= attributes.map {|a| ":#{a.name}" }.sort.join(', ') %>]
end

# define methods for each of your user roles here

# allow [:actions] 
# defines routes allowed for that role
# an optional block can be passed to allow to check 
# things like ownership.

# allow_params
# options: [:except, :only]
# define params user role can change
# no options gives access to all of #params
# except excludes any listed
# only overwrites params array

# @membership is available as the object returned from
# method passed to ActionPermission::Controller#authorize_with

# Permissions for the guest role: :show is the only action handed to allow,
# and allow_params is not called in this method.
#
# @return the value returned by allow
def guest
  permitted_actions = %i[show]
  allow(permitted_actions)
end

# Permissions for the user role: allow_rest_actions is given a block that
# compares @membership.id with the id of the object yielded to it.
# (This listing stops before the method's closing `end`, so any further
# calls such as allow_params are not visible here.)
#
# NOTE(review): presumably the block is evaluated as an ownership check, as
# the template's comments describe for `allow` -- confirm that a false
# result denies the action.
# NOTE(review): the block parameter is named `user`, the same as this role
# method, while @membership is described as the object returned by the
# method passed to authorize_with -- verify which of the two is the
# requester and which is the record being accessed.
def user
  allow_rest_actions do |user|
    # Equality of ids is the only condition checked in this block.
    @membership.id == user.id
  end
show()

GET <%= route_url %>/1
GET <%= route_url %>/1.json

# File lib/generators/rails/templates/controller.rb, line 16
def show
  @<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>

  respond_to do |format|
    format.html # show.html.erb
    format.json { render json: <%= "@#{singular_table_name}" %> }
  end