class Object
Public Instance Methods
admin()
# File lib/generators/action_permission/permission/templates/permission.rb, line 39 def admin allow_rest_actions allow_params end
index()
GET <%= route_url %>
GET <%= route_url %>.json
# File lib/generators/rails/templates/controller.rb, line 5
# Scaffold template for the index action: loads the records returned by
# orm_class.all and responds with HTML or JSON.
# NOTE(review): no authorization call is visible inside the action itself;
# presumably a controller-level hook (ActionPermission's authorize_with)
# applies the permission rules. Confirm in the generated controller.
def index
  @<%= plural_table_name %> = <%= orm_class.all(class_name) %>

  respond_to do |format|
    format.html # index.html.erb
    # render json: serialises the whole collection. With default model
    # serialisation that presumably exposes every attribute of every record;
    # restrict the JSON form if some columns must not leave the server.
    format.json { render json: <%= "@#{plural_table_name}" %> }
  end
# (the listing stops here; the method's closing `end` is not shown)
params()
Defines the parameters accepted for requests coming to the associated object/controller. It typically lists all attributes; the except option is then used to exclude params on a per-role basis.
# File lib/generators/action_permission/permission/templates/permission.rb, line 7
# Returns the array of attribute names (as symbols) that requests may set.
# The generator fills it with every attribute it was given, sorted by name.
# NOTE(review): because every attribute is listed by default, review the
# generated array and drop fields no role should set from a request, rather
# than relying only on per-role :except lists.
def params
  [<%= attributes.map {|a| ":#{a.name}" }.sort.join(', ') %>]
end

# define methods for each of your user roles here
# allow [:actions]
#   defines routes allowed for that role
#   an optional block can be passed to allow to check
#   things like ownership.
# allow_params
#   options: [:except, :only]
#   define params user role can change
#   no options gives access to all of #params
#   except excludes any listed
#   only overwrites params array
# @membership is available as the object returned from
# method passed to ActionPermission::Controller#authorize_with

# Guest role: only the show route is allowed; allow_params is not called here.
def guest
  allow [:show]
end

# User role: allows the REST actions, guarded by the block below.
# NOTE(review): the block parameter is presumably the record being acted on,
# so the check compares that record's id with @membership.id. That is an
# ownership check only when the resource is the membership record itself;
# for other models the comparison would need the record's owner reference.
# Confirm against ActionPermission's block contract.
def user
  allow_rest_actions do |user|
    @membership.id == user.id
  end
# (the listing stops here; the method's closing `end` is not shown)
show()
GET <%= route_url %>/1
GET <%= route_url %>/1.json
# File lib/generators/rails/templates/controller.rb, line 16
# Scaffold template for the show action: looks up one record by params[:id]
# and responds with HTML or JSON.
# NOTE(review): the lookup uses the request-supplied id alone, with no
# scoping to the current user inside the action. Whether a caller may see
# the record presumably depends on the permission rules applied by the
# controller. Confirm that show is covered by an ownership check where needed.
def show
  @<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>

  respond_to do |format|
    format.html # show.html.erb
    # render json: serialises the record; with default model serialisation
    # that presumably includes every attribute.
    format.json { render json: <%= "@#{singular_table_name}" %> }
  end
# (the listing stops here; the method's closing `end` is not shown)