module CanCan::ControllerAdditions::ClassMethods

Public Instance Methods

authorize_resource(options = {})

Sets up a before filter which authorizes the current resource using the instance variable. For example, if you have an ArticlesController it will check the @article instance variable and ensure the user can perform the current action on it. Under the hood it is doing something like the following.

authorize!(params[:action].to_sym, @article || Article)

Call this method directly on the controller class.

class BooksController < ApplicationController
  authorize_resource
end

See #load_and_authorize_resource to automatically load the resource too.

Options:

:only

Only applies before filter to given actions.

:except

Does not apply before filter to given actions.

:name

The name of the resource if it cannot be determined from controller (string or symbol).

authorize_resource :name => :article

:resource

The class to use for the model (string or constant). Alternatively pass a symbol to represent a resource which does not have a class.

# File lib/cancan/controller_additions.rb, line 119
def authorize_resource(options = {})
  ResourceAuthorization.add_before_filter(self, :authorize_resource, options)
end
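
An added example, not CanCan's own code: a plain-Ruby model of the authorize!(params[:action].to_sym, @article || Article) check, showing what the filter ends up authorizing when @article was never loaded and when :except skips the action. ToyAbility, ToyController, check_request and the ownership policy are hypothetical names and rules constructed for this illustration.

```ruby
# Plain-Ruby model of the filter; an added illustration, not CanCan's code.
class AccessDenied < StandardError; end
Article = Struct.new(:id, :owner)

# Constructed policy (assumption): anyone may :show, :update needs ownership.
# Given only the class there is no owner to compare, so this toy policy
# answers "could update some article" with true.
ToyAbility = Struct.new(:user) do
  def can?(action, subject)
    return true if action == :show
    return false unless action == :update
    subject.is_a?(Class) || subject.owner == user
  end
end

class ToyController
  def initialize(user, params, options = {})
    @ability, @params, @options = ToyAbility.new(user), params, options
  end

  # Stand-in for load_resource: leaves @article alone if already set.
  def load_resource(store)
    @article ||= store[@params[:id]]
  end

  # Mirrors the :only / :except options.
  def filter_applies?(action)
    return false if @options[:only] && !Array(@options[:only]).include?(action)
    !Array(@options[:except]).include?(action)
  end

  # authorize!(params[:action].to_sym, @article || Article)
  def authorize_resource
    action = @params[:action].to_sym
    return :skipped unless filter_applies?(action)
    subject = @article || Article
    raise AccessDenied unless @ability.can?(action, subject)
    subject.is_a?(Class) ? :class_level : :record_level
  end
end

def check_request(user, params, load: true, options: {})
  controller = ToyController.new(user, params, options)
  controller.load_resource({ 1 => Article.new(1, "alice") }) if load # constructed data
  controller.authorize_resource
rescue AccessDenied
  :denied
end
```

Under this toy policy, the update request from "bob" is denied once the record is loaded but passes as a class-level check with load: false, and an action listed in :except is never checked at all.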

load_and_authorize_resource(options = {})

Sets up a before filter which loads and authorizes the current resource. This performs both #load_resource and #authorize_resource and accepts the same arguments. See those methods for details.

class BooksController < ApplicationController
  load_and_authorize_resource
end

# File lib/cancan/controller_additions.rb, line 14
def load_and_authorize_resource(options = {})
  ResourceAuthorization.add_before_filter(self, :load_and_authorize_resource, options)
end

load_resource(options = {})

Sets up a before filter which loads the appropriate model resource into an instance variable. For example, given an ArticlesController it will load the current article into the @article instance variable. It does this by either calling Article.find(params[:id]) or Article.new(params[:article]) depending upon the action. It does nothing for the “index” action.

Call this method directly on the controller class.

class BooksController < ApplicationController
  load_resource
end

A resource is not loaded if the instance variable is already set. This makes it easy to override the behavior through a before_filter on certain actions.

class BooksController < ApplicationController
  before_filter :find_book_by_permalink, :only => :show
  load_resource

  private

  def find_book_by_permalink
    @book = Book.find_by_permalink!(params[:id])
  end
end

See #load_and_authorize_resource to automatically authorize the resource too.

Options:

:only

Only applies before filter to given actions.

:except

Does not apply before filter to given actions.

:nested

Specify which resource this is nested under.

load_resource :nested => :author

Deep nesting can be defined in an array.

load_resource :nested => [:publisher, :author]

:name

The name of the resource if it cannot be determined from controller (string or symbol).

load_resource :name => :article

:resource

The class to use for the model (string or constant).

:collection

Specify which actions are resource collection actions in addition to :index. This is usually not necessary because it will try to guess depending on whether an :id is present in params.

load_resource :collection => [:sort, :list]

:new

Specify which actions are new resource actions in addition to :new and :create. Pass an action name here if you would like to build a new resource instead of fetching one.

load_resource :new => :build

# File lib/cancan/controller_additions.rb, line 84
def load_resource(options = {})
  ResourceAuthorization.add_before_filter(self, :load_resource, options)
end