module ActionAccess::ControllerAdditions

Public Class Methods

included(base) click to toggle source
# File lib/action_access/controller_additions.rb, line 49
def self.included(base)
  base.extend ClassMethods
  base.helper_method :keeper
end

Private Instance Methods

current_clearance_levels() click to toggle source

Current user's clearance levels (override to customize).

# File lib/action_access/controller_additions.rb, line 63
def current_clearance_levels
  # Notify deprecation of `current_clearance_level` (singular)
  if defined? current_clearance_level
    ActiveSupport::Deprecation.warn \
      '[Action Access] The use of "current_clearance_level" '   +
      'is going to be deprecated in the next release, rename ' +
      'it to "current_clearance_levels" (plural).'
    return current_clearance_level
  end

  if defined?(current_user) and current_user.respond_to?(:clearance_levels)
    current_user.clearance_levels
  else
    :guest
  end
end
keeper() click to toggle source

Helper to access Keeper's instance.

# File lib/action_access/controller_additions.rb, line 58
def keeper
  ActionAccess::Keeper.instance
end
not_authorized!(*args) click to toggle source

Redirect if not authorized. May be used inside action methods for finer control.

# File lib/action_access/controller_additions.rb, line 95
def not_authorized!(*args)
  options = args.extract_options!
  message = options[:message] ||
    I18n.t('action_access.redirection_message', default: 'Not authorized.')
  path = options[:path] || unauthorized_access_redirection_path
  redirect_to path, alert: message
end
unauthorized_access_redirection_path() click to toggle source

Default path to redirect any non authorized access (override to customize).

# File lib/action_access/controller_additions.rb, line 81
def unauthorized_access_redirection_path
  root_path
end
validate_access!() click to toggle source

Validate access to the current route.

# File lib/action_access/controller_additions.rb, line 86
def validate_access!
  action = self.action_name
  clearance_levels = Array(current_clearance_levels)
  authorized = clearance_levels.any? { |c| keeper.lets? c, action, self.class }
  not_authorized! unless authorized
end