Sha256: 6e1ac068d399e0f522d7487d0e9d167625273b7e1e9a3accdbb3773b8b4774ed
Contents?: true
Size: 1.5 KB
Versions: 5
Compression:
Stored size: 1.5 KB
Contents
module CanCan
# This module is automatically included into all Active Record models.
module ActiveRecordAdditions
module ClassMethods
# Returns a scope which fetches only the records that the passed ability
# can perform a given action on. The action defaults to :read. This
# is usually called from a controller and passed the +current_ability+.
#
# @articles = Article.accessible_by(current_ability)
#
# Here only the articles which the user is able to read will be returned.
# If the user does not have permission to read any articles then an empty
# result is returned. Since this is a scope it can be combined with any
# other scopes or pagination.
#
# An alternative action can optionally be passed as a second argument.
#
# @articles = Article.accessible_by(current_ability, :update)
#
# Here only the articles which the user can update are returned. This
# internally uses Ability#conditions method, see that for more information.
def accessible_by(ability, action = :read)
query = ability.query(action, self)
if respond_to? :where
where(query.conditions).joins(query.joins)
else
scoped(:conditions => query.conditions, :joins => query.joins)
end
end
end
def self.included(base)
base.extend ClassMethods
end
end
end
if defined? ActiveRecord
ActiveRecord::Base.class_eval do
include CanCan::ActiveRecordAdditions
end
end
Version data entries
5 entries across 5 versions & 1 rubygems