Module | Authorization::AuthorizationInModel |
In: |
lib/declarative_authorization/in_model.rb
|
Activates model security for the current model. Then, CRUD operations are checked against the authorization of the current user. The privileges are :create, :read, :update and :delete in the context of the model. By default, :read is not checked because of performance impacts, especially with large result sets.
class User < ActiveRecord::Base using_access_control end
If an operation is not permitted, a Authorization::AuthorizationError is raised.
To activate model security on all models, call using_access_control on ActiveRecord::Base
ActiveRecord::Base.using_access_control
Available options
Named scope for limiting query results according to the authorization of the current user. If no privilege is given, :read is assumed.
User.with_permissions_to User.with_permissions_to(:update) User.with_permissions_to(:update, :context => :users)
As in the case of other named scopes, this one may be chained:
User.with_permission_to.find(:all, :conditions...)
Options
Works similar to the permitted_to? method, but doesn‘t accept a block and throws the authorization exceptions, just like Engine#permit!
If the user meets the given privilege, permitted_to? returns true and yields to the optional block.