Module Authorization::AuthorizationInController
In: lib/declarative_authorization/in_controller.rb

Methods

Classes and Modules

Module Authorization::AuthorizationInController::ClassMethods

Constants

DEFAULT_DENY = false

Public Class methods

Public Instance methods

Returns the Authorization::Engine for the current controller.

Intended to be used where you want to allow users with any single listed role to view the content in question

As has_any_role? except checks all roles included in the role hierarchy

While permitted_to? is used for authorization, in some cases content should only be shown to some users without being concerned with authorization. E.g. to only show the most relevant menu options to a certain group of users. That is what has_role? should be used for.

As has_role? except checks all roles included in the role hierarchy

Works similar to the permitted_to? method, but throws the authorization exceptions, just like Engine#permit!

If the current user meets the given privilege, permitted_to? returns true and yields to the optional block. The attribute checks that are defined in the authorization rules are only evaluated if an object is given for context.

See examples for Authorization::AuthorizationHelper permitted_to?

If no object or context is specified, the controller_name is used as context.

Protected Instance methods

[Validate]