permission_check.rb
2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
module PermissionCheck
module ClassMethods
# Declares the +permission+ need to be able to access +action+.
#
# * +permission+ must be a symbol or string naming the needed permission to
# access the specified actions.
# * +target+ is the object over witch the user would need the specified
# permission and must be specified as a symbol or the string 'global'. The controller using
# +target+ must respond to a method with that name returning the object
# against which the permissions needed will be checked or if 'global' is passed it will be
# cheked if the assignment is global
# * +accessor+ is a mehtod that returns the accessor who must have the permission. By default
# is :user
# * +action+ must be a hash of options for a before filter like
# :only => :index or :except => [:edit, :update] by default protects all the actions
def protect(permission, target_method, accessor_method = :user, actions = {})
actions, accessor_method = accessor_method, :user if accessor_method.kind_of?(Hash)
before_filter actions do |c|
target = target_method.kind_of?(Symbol) ? c.send(target_method) : target_method
accessor = accessor_method.kind_of?(Symbol) ? c.send(accessor_method) : accessor_method
unless accessor && accessor.has_permission?(permission.to_s, target)
# c.instance_variable_set('@b', [accessor, permission, target])
c.send(:render, :file => access_denied_template_path, :status => 403) && false
end
end
end
def access_denied_template_path
if File.exists?(File.join(RAILS_ROOT, 'app', 'views','access_control' ,'access_denied.rhtml'))
file_path = File.join(RAILS_ROOT, 'app', 'views','access_control' ,'access_denied.rhtml')
else
file_path = File.join(File.dirname(__FILE__),'..', 'views','access_denied.rhtml')
end
end
end
def self.included(including)
including.send(:extend, PermissionCheck::ClassMethods)
end
end