will/cancan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

adding :through option to replace :nesting option and moving ResourceAuthorization class code into ControllerResource

Browse Source
This commit is contained in:
Ryan Bates
2010-08-05 16:12:30 -07:00
parent 8dee01195d
commit 25a1c553bf
8 changed files with 308 additions and 317 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/cancan.rb
View File

@@ -1,7 +1,6 @@
require 'cancan/ability'
require 'cancan/can_definition'
require 'cancan/controller_resource'
require 'cancan/resource_authorization'
require 'cancan/controller_additions'
require 'cancan/active_record_additions'
require 'cancan/exceptions'

80
lib/cancan/controller_additions.rb
View File

@@ -11,11 +11,11 @@ module CanCan
# load_and_authorize_resource
# end
#
def load_and_authorize_resource(options = {})
ResourceAuthorization.add_before_filter(self, :load_and_authorize_resource, options)
def load_and_authorize_resource(*args)
ControllerResource.add_before_filter(self, :load_and_authorize_resource, *args)
end
# Sets up a before filter which loads the appropriate model resource into an instance variable.
# Sets up a before filter which loads the model resource into an instance variable.
# For example, given an ArticlesController it will load the current article into the @article
# instance variable. It does this by either calling Article.find(params[:id]) or
# Article.new(params[:article]) depending upon the action. It does nothing for the "index"
@@ -41,6 +41,20 @@ module CanCan
# end
# end
#
# If a name is provided which does not match the controller it assumes it is a parent resource. Child
# resources can then be loaded through it.
#
# class BooksController < ApplicationController
# load_resource :author
# load_resource :book, :through => :author
# end
#
# Here the author resource will be loaded before each action using params[:author_id]. The book resource
# will then be loaded through the @author instance variable.
#
# That first argument is optional and will default to the singular name of the controller.
# A hash of options (see below) can also be passed to this method to further customize it.
#
# See load_and_authorize_resource to automatically authorize the resource too.
#
# Options:
@@ -50,27 +64,22 @@ module CanCan
# [:+except+]
# Does not apply before filter to given actions.
#
# [:+nested+]
# Specify which resource this is nested under.
# [:+through+]
# Load this resource through another one. This should match the name of the parent instance variable.
#
# load_resource :nested => :author
# [:+parent+]
# True or false depending on if the resource is considered a parent resource. This defaults to +true+ if a resource
# name is given which does not match the controller.
#
# Deep nesting can be defined in an array.
#
# load_resource :nested => [:publisher, :author]
#
# [:+name+]
# The name of the resource if it cannot be determined from controller (string or symbol).
#
# load_resource :name => :article
#
# [:+resource+]
# [:+class+]
# The class to use for the model (string or constant).
#
# [:+instance_name+]
# The name of the instance variable to load the resource into.
#
# [:+collection+]
# Specify which actions are resource collection actions in addition to :+index+. This
# is usually not necessary because it will try to guess depending on if an :+id+
# is present in +params+.
# is usually not necessary because it will try to guess depending on if the id param is present.
#
# load_resource :collection => [:sort, :list]
#
@@ -81,11 +90,11 @@ module CanCan
#
# load_resource :new => :build
#
def load_resource(options = {})
ResourceAuthorization.add_before_filter(self, :load_resource, options)
def load_resource(*args)
ControllerResource.add_before_filter(self, :load_resource, *args)
end
# Sets up a before filter which authorizes the current resource using the instance variable.
# Sets up a before filter which authorizes the resource using the instance variable.
# For example, if you have an ArticlesController it will check the @article instance variable
# and ensure the user can perform the current action on it. Under the hood it is doing
# something like the following.
@@ -98,6 +107,19 @@ module CanCan
# authorize_resource
# end
#
# If you pass in the name of a resource which does not match the controller it will assume
# it is a parent resource.
#
# class BooksController < ApplicationController
# authorize_resource :author
# authorize_resource :book
# end
#
# Here it will authorize :+show+, @+author+ on every action before authorizing the book.
#
# That first argument is optional and will default to the singular name of the controller.
# A hash of options (see below) can also be passed to this method to further customize it.
#
# See load_and_authorize_resource to automatically load the resource too.
#
# Options:
@@ -107,17 +129,23 @@ module CanCan
# [:+except+]
# Does not apply before filter to given actions.
#
# [:+name+]
# The name of the resource if it cannot be determined from controller (string or symbol).
# [:+parent+]
# True or false depending on if the resource is considered a parent resource. This defaults to +true+ if a resource
# name is given which does not match the controller.
#
# load_resource :name => :article
# [:+class+]
# The class to use for the model (string or constant). This passed in when the instance variable is not set.
# Pass +false+ if there is no associated class for this resource and it will use a symbol of the resource name.
#
# [:+instance_name+]
# The name of the instance variable for this resource.
#
# [:+resource+]
# The class to use for the model (string or constant). Alternatively pass a symbol
# to represent a resource which does not have a class.
#
def authorize_resource(options = {})
ResourceAuthorization.add_before_filter(self, :authorize_resource, options)
def authorize_resource(*args)
ControllerResource.add_before_filter(self, :authorize_resource, *args)
end
end

121
lib/cancan/controller_resource.rb
View File

@@ -1,54 +1,105 @@
module CanCan
# Used internally to load and authorize a given controller resource.
# This manages finding or building an instance of the resource. If a
# parent is given it will go through the association.
# Handle the load and authorization controller logic so we don't clutter up all controllers with non-interface methods.
# This class is used internally, so you do not need to call methods directly on it.
class ControllerResource # :nodoc:
def initialize(controller, name, parent = nil, options = {})
raise ImplementationRemoved, "The :class option has been renamed to :resource for specifying the class in CanCan." if options.has_key? :class
@controller = controller
@name = name
@parent = parent
@options = options
end
# Returns the class used for this resource. This can be overriden by the :resource option.
# Sometimes one will use a symbol as the resource if a class does not exist for it. In that
# case "find" and "build" should not be called on it.
def model_class
resource_class = @options[:resource]
if resource_class.nil?
@name.to_s.camelize.constantize
elsif resource_class.kind_of? String
resource_class.constantize
else
resource_class # could be a symbol
def self.add_before_filter(controller_class, method, options = {})
controller_class.before_filter(options.slice(:only, :except)) do |controller|
ControllerResource.new(controller, controller.params, options.except(:only, :except)).send(method)
end
end
def find(id)
self.model_instance ||= base.find(id)
def initialize(controller, params, *args)
@controller = controller
@params = params
@options = args.extract_options!
@name = args.first
raise CanCan::ImplementationRemoved, "The :nested option is no longer supported, instead use :through with separate load/authorize call." if @options[:nested]
raise CanCan::ImplementationRemoved, "The :name option is no longer supported, instead pass the name as the first argument." if @options[:name]
raise CanCan::ImplementationRemoved, "The :resource option has been renamed back to :class, use false if no class." if @options[:resource]
end
# Build a new instance of this resource. If it is a class we just call "new" otherwise
# it's an associaiton and "build" is used.
def build(attributes)
self.model_instance ||= (base.kind_of?(Class) ? base.new(attributes) : base.build(attributes))
def load_and_authorize_resource
load_resource
authorize_resource
end
def model_instance
@controller.instance_variable_get("@#{@name}")
def load_resource
if !resource_instance && (parent? || member_action?)
@controller.instance_variable_set("@#{name}", load_resource_instance)
end
end
def model_instance=(instance)
@controller.instance_variable_set("@#{@name}", instance)
def authorize_resource
@controller.authorize!(@params[:action].to_sym, resource_instance || resource_class)
end
def parent?
@options[:parent] || @name && @name != name_from_controller.to_sym
end
private
def load_resource_instance
if !parent? && new_actions.include?(@params[:action].to_sym)
resource_base.kind_of?(Class) ? resource_base.new(attributes) : resource_base.build(attributes)
elsif id_param
resource_base.find(id_param)
end
end
def attributes
@params[name.to_sym]
end
def id_param
@params[parent? ? :"#{name}_id" : :id]
end
def member_action?
!collection_actions.include? @params[:action].to_sym
end
# Returns the class used for this resource. This can be overriden by the :class option.
# If +false+ is passed in it will use the resource name as a symbol in which case it should
# only be used for authorization, not loading since there's no class to load through.
def resource_class
case @options[:class]
when false then name.to_sym
when nil then name.to_s.camelize.constantize
when String then @options[:class].constantize
else @options[:class]
end
end
def resource_instance
@controller.instance_variable_get("@#{name}")
end
# The object that methods (such as "find", "new" or "build") are called on.
# If there is a parent it will be the association, otherwise it will be the model's class.
def base
@parent ? @parent.model_instance.send(@name.to_s.pluralize) : model_class
# If the :through option is passed it will go through an association on that instance.
def resource_base
through_resource ? through_resource.send(name.to_s.pluralize) : resource_class
end
# The object to load this resource through.
def through_resource
@options[:through] && @controller.instance_variable_get("@#{@options[:through]}")
end
def name
@name || name_from_controller
end
def name_from_controller
@params[:controller].sub("Controller", "").underscore.split('/').last.singularize
end
def collection_actions
[:index] + [@options[:collection]].flatten
end
def new_actions
[:new, :create] + [@options[:new]].flatten
end
end
end

70
lib/cancan/resource_authorization.rb
View File

@@ -1,70 +0,0 @@
module CanCan
# Handle the load and authorization controller logic so we don't clutter up all controllers with non-interface methods.
# This class is used internally, so you do not need to call methods directly on it.
class ResourceAuthorization # :nodoc:
def self.add_before_filter(controller_class, method, options = {})
controller_class.before_filter(options.slice(:only, :except)) do |controller|
ResourceAuthorization.new(controller, controller.params, options.except(:only, :except)).send(method)
end
end
def initialize(controller, params, options = {})
@controller = controller
@params = params
@options = options
end
def load_and_authorize_resource
load_resource
authorize_resource
end
def load_resource
if collection_actions.include? @params[:action].to_sym
parent_resource
else
if new_actions.include? @params[:action].to_sym
resource.build(@params[model_name.to_sym])
elsif @params[:id]
resource.find(@params[:id])
end
end
end
def authorize_resource
@controller.authorize!(@params[:action].to_sym, resource.model_instance || resource.model_class)
end
private
def resource
@resource ||= ControllerResource.new(@controller, model_name, parent_resource, @options)
end
def parent_resource
parent = nil
[@options[:nested]].flatten.compact.each do |name|
id = @params["#{name}_id".to_sym]
if id
parent = ControllerResource.new(@controller, name, parent)
parent.find(id)
else
parent = nil
end
end
parent
end
def model_name
@options[:name] || @params[:controller].sub("Controller", "").underscore.split('/').last.singularize
end
def collection_actions
[:index] + [@options[:collection]].flatten
end
def new_actions
[:new, :create] + [@options[:new]].flatten
end
end
end