
Screencast: Declarative Authorization

Download: Download (36.4 MB, 15:27) Alternativer Download für iPod & Apple TV (21.6 MB, 15:27)

Ressourcen:

Quellcode:

[bash]
# Installs the gems declared with config.gem in config/environment.rb.
# Because of sudo, the project's Rakefile and the gem installation run with
# root privileges, and the gems are fetched from the configured :source.
sudo rake gems:install
[/bash]

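[ruby]
# config/environment.rb
# Declares the authorization plugin as an application dependency.
# NOTE(review): the gem source is a plain-HTTP URL, so the download is not
# protected against tampering in transit; prefer an HTTPS gem source where
# one is available.
config.gem "declarative_authorization", :source => "http://gemcutter.org"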

# config/authorization_rules.rb
authorization do
  # Administrators get every listed action on both resources, with no
  # attribute conditions.
  role :admin do
    has_permission_on [:articles, :comments],
                      :to => [:index, :show, :new, :create, :edit, :update, :destroy]
  end

  # Guests may read articles and post comments. Editing a comment is limited
  # to records whose user attribute is the current user.
  # NOTE(review): if :guest is also the role given to visitors who are not
  # logged in, confirm that a comment without an owner cannot pass this
  # ownership test.
  role :guest do
    has_permission_on :articles, :to => [:index, :show]
    has_permission_on :comments, :to => [:new, :create]
    has_permission_on :comments, :to => [:edit, :update] do
      if_attribute :user => is { user }
    end
  end

  # Moderators inherit the guest permissions and may edit any comment: this
  # rule carries no ownership condition. :destroy is not granted here.
  role :moderator do
    includes :guest
    has_permission_on :comments, :to => [:edit, :update]
  end

  # Authors inherit the guest permissions, may create articles, and may edit
  # only articles whose user attribute is the current user.
  role :author do
    includes :guest
    has_permission_on :articles, :to => [:new, :create]
    has_permission_on :articles, :to => [:edit, :update] do
      if_attribute :user => is { user }
    end
  end
end

# application_controller.rb
# Hands the controller's current_user to the Authorization module before
# every action. Presumably this is what lets checks made outside the
# controller see the same user; confirm against the plugin's documentation.
before_filter do |controller|
  Authorization.current_user = controller.current_user
end

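protected

# Hook that runs when an authorization filter rejects the request: stores an
# error message in the flash and redirects to the root page. The message is
# generic and does not reveal which rule failed.
def permission_denied
  flash[:error] = "Sorry, you are not allowed to access that page."
  redirect_to root_url
end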

# articles_controller.rb filter_resource_access [/ruby]

[html]

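<%# Each link is rendered only if the current user is permitted to perform the
    action on this article. This hides the link; the request itself must still
    be checked by the controller filter. %>
<% if permitted_to? :edit, @article %>
  <%= link_to "Edit", edit_article_path(@article) %> |
<% end %>
<% if permitted_to? :destroy, @article %>
  <%= link_to "Destroy", @article, :method => :delete, :confirm => "Are you sure?" %> |
<% end %>
<%= link_to "Back to Articles", articles_path %>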

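<%# Edit and Destroy links for one comment, shown only when the rules allow the
    action for the current user. NOTE(review): the listing shows an access
    filter only for the articles controller; confirm that the comments
    controller enforces the same rules on the server side. %>
<% if permitted_to? :edit, comment %>
  <%= link_to "Edit", edit_comment_path(comment) %>
<% end %>
<% if permitted_to? :destroy, comment %>
  | <%= link_to "Destroy", comment, :method => :delete, :confirm => "Are you sure?" %>
<% end %>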

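<%# The permission is tested against a new, unsaved Article, so any attribute
    conditions in the rules are evaluated on that blank record. %>
<% if permitted_to? :create, Article.new %>
  <%= link_to "New Article", new_article_path %>
<% end %>
[/html]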