How to use acts_as_permissible in your controllers
The following is one suggested way to use this plugin in your controllers.
First, in ApplicationController, we’ll define the authorize method:

```ruby
class ApplicationController < ActionController::Base
  # ...

  protected

  # Passes when a user is logged in and holds every listed permission;
  # otherwise hands over to access_denied.
  def authorize(permissions = [])
    (current_user && current_user.has_permission?(*permissions)) || access_denied
  end
end
```

As you can see in the above example, I rely on having a current_user method, which returns an instance of the logged-in user, and an access_denied method, which handles the case when the user is not authorized to access a certain page or action. With the default arguments, the above implementation will always return true for a logged-in user because the permissions array is empty.
Let’s say you want to protect an entire controller with the same permissions.
You can do it with a before filter like this:
```ruby
class ProtectedController < ApplicationController
  before_filter :authorize # named before_action in Rails 4 and later

  def index
    # ...
  end

  # ...
```

You will also need to override the authorize method in that controller and change its default permissions list, like this:

```ruby
  # ...

  protected

  # Same check as in ApplicationController, with a non-empty default
  def authorize(permissions = ["view_secret_documents"])
    super(permissions)
  end
end # of ProtectedController
```
If instead you need to protect your controller on a per-action basis, you can do this:
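```ruby
class AnotherController < ApplicationController
  def index
    authorize(["view_secret_documents_list"]) # will redirect if not authorized
    return if performed? # a redirect does not stop the action by itself
    # ...
  end

  def show
    authorize(["read_secret_document"]) # will redirect if not authorized
    return if performed? # a redirect does not stop the action by itself
    # ...
  end
end
```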
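The sketch below is an added example, not code from the original page or from the plugin. It replays the authorize pattern without Rails to show two things: an empty permissions list admits any logged-in user, and a per-action call keeps running the action body after a denial unless the action returns. DemoUser, DemoBase, DocsController and the "all named permissions must be held" behaviour of has_permission? are assumptions made for illustration.

```ruby
# Constructed stand-ins so this runs without Rails or the plugin.
DemoUser = Struct.new(:perms) do
  # Assumed behaviour: true only if every named permission is held,
  # which makes it true when no permission is named.
  def has_permission?(*names)
    names.all? { |n| perms.include?(n) }
  end
end

class DemoBase # plays the role of ApplicationController
  attr_reader :current_user

  def initialize(user)
    @current_user = user
    @log = []
  end

  def performed?
    @log.include?(:redirected)
  end

  protected

  def authorize(permissions = [])
    (current_user && current_user.has_permission?(*permissions)) || access_denied
  end

  def access_denied
    @log << :redirected # a real controller would redirect here
  end
end

class DocsController < DemoBase
  def index # empty default: any logged-in user passes
    authorize
    performed? ? @log : @log << :index_rendered
  end

  def show_unguarded # the redirect does not stop the action body
    authorize(["read_secret_document"])
    @log << :secret_loaded
  end

  def show_guarded # stop as soon as access_denied has responded
    authorize(["read_secret_document"])
    performed? ? @log : @log << :secret_loaded
  end
end
```

Each action returns its log of events, so `DocsController.new(DemoUser.new([])).show_unguarded` shows the protected step running after the denial.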






