module Authorizable::Controller::ClassMethods
Public Instance Methods
authorizable(config = {})
Sets up a before filter that redirects if the permission condition fails.
@example
    authorizable(
      edit: { # implies current_user.can_edit?(@event)
        target: :event,
        redirect_path: Proc.new{ hosted_event_path(@event) }
      }
    )
@example
    authorizable(
      create: {
        permission: :can_create_event?,
        redirect_path: Proc.new{ hosted_events_path }
      },
      destroy: { # implies current_user.can_delete?(@event)
        target: :event,
        redirect_path: Proc.new{ hosted_event_path(@event) }
      }
    )
@param [Hash] config the list of options to configure actions to be authorizable
@option config [Symbol] action the action to authorize with
@option action [ActiveRecord::Base] :user (current_user) object to run the condition on
@option action [Symbol] :permission (can_{action}?(target)) the condition to run on the :user
@option action [Symbol] :target ("@#{target}") the name of the object passed to the :permission
    if no target is provided :permission becomes a required option
@option action [Proc] :redirect_path where to go upon unauthorized
@option action [String] :message (I18n.t('authorizable.not_authorized'))
    message to display as a flash message upon an unauthorized attempt
@option action [Symbol] :flash_type (:alert) what flash type to use for displaying the :message
    # File lib/authorizable/controller.rb, line 46
    def authorizable(config = {})
      Authorizable::Controller.parameters_are_valid?(config)
      self.authorizable_config = config
      self.send(:before_filter, :authorizable_authorized?)
    end
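
How the documented option defaults resolve into an allow or deny decision for one request, as an added Ruby sketch that is not the gem's own code. AuthorizableSketch, FakeController, User, Event and the paths are constructed for illustration; the handling of unlisted actions and the evaluation of :redirect_path in the controller's context are assumptions of this sketch.

```ruby
# Added sketch, not the gem's source: resolves one action's options using the
# defaults documented above and returns an allow/deny decision.
module AuthorizableSketch
  DEFAULT_MESSAGE = "authorizable.not_authorized" # stands in for the I18n lookup

  # Mirrors the documented rule: without :target, :permission is required.
  def self.validate!(config)
    config.each do |action, opts|
      next if opts[:target] || opts[:permission]
      raise ArgumentError, "#{action}: :permission is required when no :target is given"
    end
    config
  end

  # controller: any object holding the instance variables and current_user.
  # Returns { allowed: true } or { allowed: false, redirect_to:, flash: }.
  def self.check(controller, config, action)
    opts = config[action.to_sym]
    return { allowed: true } if opts.nil? # assumption: unlisted actions are not checked

    user = opts[:user] || controller.current_user
    permission = opts[:permission] || :"can_#{action}?"
    args = opts[:target] ? [controller.instance_variable_get("@#{opts[:target]}")] : []
    return { allowed: true } if user.public_send(permission, *args)

    { allowed: false,
      redirect_to: controller.instance_exec(&opts[:redirect_path]), # assumed context
      flash: { (opts[:flash_type] || :alert) => (opts[:message] || DEFAULT_MESSAGE) } }
  end
end

# Constructed sample objects (hypothetical, for illustration only).
User = Struct.new(:name, :admin) do
  def can_edit?(event); admin || event.owner == name; end
  def can_create_event?; admin; end
end
Event = Struct.new(:id, :owner)

class FakeController
  attr_reader :current_user
  def initialize(user, event); @current_user = user; @event = event; end
  def hosted_event_path(event); "/hosted_events/#{event.id}"; end
  def hosted_events_path; "/hosted_events"; end
end

CONFIG = AuthorizableSketch.validate!({
  edit:   { target: :event, redirect_path: proc { hosted_event_path(@event) } },
  create: { permission: :can_create_event?, redirect_path: proc { hosted_events_path } }
})
```

Because the sketch passes through any action missing from the config, a controller reviewed this way should be checked for state-changing actions that have no entry at all.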