Module Authorization::AuthorizationInModel
In: lib/declarative_authorization/in_model.rb

Methods

Public Class methods

Builds and returns a scope with joins and conditions satisfying all obligations.

Activates model security for the current model. Once activated, CRUD operations are checked against the authorization of the current user. The privileges are :create, :read, :update and :delete in the context of the model. By default, :read is not checked because of the performance impact, especially with large result sets.

  class User < ActiveRecord::Base
    using_access_control
  end

If an operation is not permitted, an Authorization::AuthorizationError is raised.

To activate model security on all models, call using_access_control on ActiveRecord::Base:

  ActiveRecord::Base.using_access_control

Available options

:context
Specify a context different from the model's table name.
:include_read
Also check for :read privilege after find.
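
The effect of leaving :read unchecked, as an added example that is not code from declarative_authorization: a toy stand-in that models only the behaviour described above (writes always checked, :read only with :include_read). ToyModel, RULES, DefaultNote, StrictNote and guest_read are hypothetical names, and the roles and records are constructed.

```ruby
# Toy stand-in written for this example; NOT declarative_authorization's code.
class AuthorizationError < StandardError; end
# Constructed rules: role => privileges held in the model's context.
RULES = { :guest => [], :author => [:create, :read, :update] }

class ToyModel
  class << self
    attr_accessor :current_role   # stand-in for the current user
    attr_reader :checked
    # Mirrors the documented defaults: writes are always checked,
    # :read only when :include_read is given.
    def using_access_control(options = {})
      @checked = [:create, :update, :delete]
      @checked << :read if options[:include_read]
    end

    def store; @store ||= []; end

    def find(id)
      store.fetch(id).tap { |record| record.check!(:read) }
    end
  end

  attr_accessor :body

  def check!(privilege)
    return unless self.class.checked.include?(privilege)
    return if RULES.fetch(self.class.current_role).include?(privilege)
    raise AuthorizationError, "#{privilege} not permitted"
  end

  def save
    check!(self.class.store.include?(self) ? :update : :create)
    self.class.store << self unless self.class.store.include?(self)
  end
end

class DefaultNote < ToyModel; using_access_control; end
class StrictNote  < ToyModel; using_access_control(:include_read => true); end

# What a guest gets when fetching a record that an author saved.
def guest_read(model)
  model.current_role = :author
  model.new.tap { |note| note.body = "secret" }.save
  model.current_role = :guest
  model.find(0).body
rescue AuthorizationError => e
  e.message
end
```

With the default options the guest reads the record body; with :include_read the same fetch raises.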

Returns true if the model is using model security.

Named scope for limiting query results according to the authorization of the current user. If no privilege is given, :read is assumed.

  User.with_permissions_to
  User.with_permissions_to(:update)
  User.with_permissions_to(:update, :context => :users)

As in the case of other named scopes, this one may be chained:

  User.with_permissions_to.find(:all, :conditions...)

Options

:context
Context for the privilege to be evaluated in; defaults to the model's table name.
:user
User to be used for gathering obligations; defaults to the current user.

Public Instance methods

Works similarly to the permitted_to? method, but doesn't accept a block and raises the authorization exceptions, just like Engine#permit!

If the user meets the given privilege, permitted_to? returns true and yields to the optional block.
