refactoring out controller logic into separate ResourceAuthorization class - closes #11

2009-11-26 09:29:53 -08:00
parent e92a7d8bf4
commit da5a5c031f
6 changed files with 118 additions and 80 deletions
--- a/lib/cancan.rb
+++ b/lib/cancan.rb
@@ -5,4 +5,5 @@ module CanCan
 end

 require File.dirname(__FILE__) + '/cancan/ability'
+require File.dirname(__FILE__) + '/cancan/resource_authorization'
 require File.dirname(__FILE__) + '/cancan/controller_additions'
--- a/lib/cancan/controller_additions.rb
+++ b/lib/cancan/controller_additions.rb
@@ -83,7 +83,7 @@ module CanCan
    #   before_filter :load_resource
    # 
    def load_resource # TODO this could use some refactoring
-      self.model_instance = params[:id] ? model_class.find(params[:id]) : model_class.new(params[model_name.to_sym]) unless params[:action] == "index"
+      ResourceAuthorization.new(self, params).load_resource
    end
    
    # Authorizes the resource in the current instance variable. For example,
@@ -99,7 +99,7 @@ module CanCan
    # 
    # See load_and_authorize_resource to automatically load the resource too.
    def authorize_resource # TODO this could use some refactoring
-      unauthorized! if cannot?(params[:action].to_sym, model_instance || model_class)
+      ResourceAuthorization.new(self, params).authorize_resource
    end
    
    # Calls load_resource to load the current resource model into an instance variable. 
@@ -109,28 +109,8 @@ module CanCan
    #   before_filter :load_and_authorize_resource
    # 
    def load_and_authorize_resource
-      load_resource
-      authorize_resource
+      ResourceAuthorization.new(self, params).load_and_authorize_resource
    end
-    
-    private
-    
-    def model_name
-       params[:controller].split('/').last.singularize
-    end
-    
-    def model_class
-      model_name.camelcase.constantize
-    end
-    
-    def model_instance
-      instance_variable_get("@#{model_name}")
-    end
-    
-    def model_instance=(instance)
-      instance_variable_set("@#{model_name}", instance)
-    end
-    
  end
 end

--- a/lib/cancan/resource_authorization.rb
+++ b/lib/cancan/resource_authorization.rb
@@ -0,0 +1,41 @@
+module CanCan
+  class ResourceAuthorization # :nodoc:
+    attr_reader :params
+    
+    def initialize(controller, params)
+      @controller = controller
+      @params = params
+    end
+    
+    def load_and_authorize_resource
+      load_resource
+      authorize_resource
+    end
+    
+    def load_resource
+      self.model_instance = params[:id] ? model_class.find(params[:id]) : model_class.new(params[model_name.to_sym]) unless params[:action] == "index"
+    end
+    
+    def authorize_resource
+      @controller.unauthorized! if @controller.cannot?(params[:action].to_sym, model_instance || model_class)
+    end
+    
+    private
+    
+    def model_name
+      params[:controller].split('/').last.singularize
+    end
+    
+    def model_class
+      model_name.camelcase.constantize
+    end
+    
+    def model_instance
+      @controller.instance_variable_get("@#{model_name}")
+    end
+    
+    def model_instance=(instance)
+      @controller.instance_variable_set("@#{model_name}", instance)
+    end
+  end
+end