module Authority::Controller::ClassMethods

Public Instance Methods

add_actions(action_map) click to toggle source

Adds the passed in actions to the current action map.

@param [Hash] action_map - controller actions and methods to be merged with the existing action map

# File lib/authority/controller.rb, line 103
def add_actions(action_map)
  authority_action_map.merge!(action_map)
end
authority_action(action_map) click to toggle source
# File lib/authority/controller.rb, line 70
def authority_action(action_map)
  Authority.logger.warn "Authority's `authority_action` method has been renamed \
  to `authority_actions` (plural) to reflect the fact that you can \
  set multiple actions in one shot. Please update your controllers \
  accordingly. (called from #{caller.first})".squeeze(' ')
  authority_actions(action_map)
end
authority_action_map() click to toggle source

The controller action to authority action map used for determining which Rails actions map to which authority actions (ex: index to read)

@return [Hash] A duplicated copy of the configured controller_action_map

# File lib/authority/controller.rb, line 95
def authority_action_map
  @authority_action_map ||= Authority.configuration.controller_action_map.dup
end
authority_actions(action_map) click to toggle source

Allows defining and overriding a controller's map of its actions to the model's authorizer methods

@param [Hash] action_map - controller actions and methods, to be merged with existing action_map

# File lib/authority/controller.rb, line 64
def authority_actions(action_map)
  forced_action = action_map.delete(:all_actions)
  add_actions(action_map)
  force_action(forced_action) if forced_action
end
authorize_actions_for(resource_or_finder, options = {}) click to toggle source

Sets up before_filter to ensure user is allowed to perform a given controller action

@param [Class OR Symbol] resource_or_finder - class whose authorizer should be consulted, or instance method on the controller which will determine that class when the request is made @param [Hash] options - can contain :actions to be merged with existing ones and any other options applicable to a before_filter, and can contain an array of :opts to pass to the authorizer

# File lib/authority/controller.rb, line 46
def authorize_actions_for(resource_or_finder, options = {})
  self.authority_resource = resource_or_finder
  add_actions(options.fetch(:actions, {}))
  force_action(options[:all_actions]) if options[:all_actions]
  
  # Capture custom authorization options
  self.authority_arguments = options.delete(:args)
  
  if respond_to? :before_action
    before_action :run_authorization_check, options
  else
    before_filter :run_authorization_check, options
  end
end
ensure_authorization_performed(options = {}) click to toggle source

Convenience wrapper for instance method

# File lib/authority/controller.rb, line 79
def ensure_authorization_performed(options = {})
  if respond_to? :after_action
    after_action(options.slice(:only, :except)) do |controller_instance|
       controller_instance.ensure_authorization_performed(options)
    end
  else
    after_filter(options.slice(:only, :except)) do |controller_instance|
       controller_instance.ensure_authorization_performed(options)
    end
  end        
end
force_action(forced_action) click to toggle source

Updates the current action map to use the forced action for all of it's actions.

@param [String OR Symbol] forced_action - the authority action to use for all Rails actions in the action map

# File lib/authority/controller.rb, line 112
def force_action(forced_action)
  add_actions(
    Hash[authority_action_map.map {|key, _| [key, forced_action] }]
  )
end