module Allowy::AccessControl

This module provides the interface for implementing the access control actions. In order to use it, mix it into a plain Ruby class and define methods ending with ‘?`. For example:

@example
class PageAccess
  include Allowy::AccessControl

  def view?(page)
    page and page.wiki? and context.user_signed_in?
  end
end

And then you can check the permissions from a controller:

@example
def show
  @page = Page.find params[:id]
  authorize! :view, @page
end

You can also check the permissions outside of the controller, but you need an object that includes ‘Allowy::Context` class:

@example
class CucumberContext
  include Allowy::Context
  attr_accessor :current_user

  def initialize(user)
    @current_user = user
  end
end

CucumberContext.new(that_user).can?(:create, Blog)
CucumberContext.new(that_user).should be_able_to :create, Blog

Attributes

context[R]

Public Class Methods

new(ctx) click to toggle source
# File lib/allowy/access_control.rb, line 46
def initialize(ctx)
  @context = ctx
end

Public Instance Methods

authorize!(action, subject, *params) click to toggle source
# File lib/allowy/access_control.rb, line 59
def authorize!(action, subject, *params)
  allowing, payload = check_permission(action, subject, *params)
  raise AccessDenied.new("Not authorized", action, subject, payload) if not allowing
end
can?(action, subject, *params) click to toggle source
# File lib/allowy/access_control.rb, line 50
def can?(action, subject, *params)
  allowing, _ = check_permission(action, subject, *params)
  allowing
end
cannot?(*args) click to toggle source
# File lib/allowy/access_control.rb, line 55
def cannot?(*args)
  not can?(*args)
end
deny!(payload) click to toggle source
# File lib/allowy/access_control.rb, line 64
def deny!(payload)
  throw(:deny, payload)
end

Private Instance Methods

check_permission(action, subject, *params) click to toggle source
# File lib/allowy/access_control.rb, line 70
def check_permission(action, subject, *params)
  m = "#{action}?"
  raise UndefinedAction.new("The #{self.class.name} needs to have #{m} method. Please define it.") unless self.respond_to? m
  allowing = false
  payload = catch(:deny) { allowing = send(m, subject, *params) }
  [allowing, payload]
end