lib/authority/controller.rb in authority-2.8.1 vs lib/authority/controller.rb in authority-2.9.0
- old
+ new
@@ -41,18 +41,19 @@
# @param [Hash] options - can contain :actions to
# be merged with existing
# ones and any other options applicable to a before_filter
def authorize_actions_for(resource_or_finder, options = {})
self.authority_resource = resource_or_finder
- authority_actions(options[:actions] || {})
+ authority_actions(overridden_actions(options))
before_filter :run_authorization_check, options
end
# Allows defining and overriding a controller's map of its actions to the model's authorizer methods
#
# @param [Hash] action_map - controller actions and methods, to be merged with existing action_map
def authority_actions(action_map)
+ authority_action_map.merge!(overridden_actions(action_map))
authority_action_map.merge!(action_map.symbolize_keys)
end
def authority_action(action_map)
Authority.logger.warn "Authority's `authority_action` method has been renamed \
@@ -75,10 +76,17 @@
# @return [Hash] A duplicated copy of the configured controller_action_map
def authority_action_map
@authority_action_map ||= Authority.configuration.controller_action_map.dup
end
+ def overridden_actions(options = {})
+ if forced_action = options.fetch(:all_actions, false)
+ overridden_actions = authority_action_map.inject({}) { |hash, (key, val)| hash.tap { |h| h[key] = forced_action } }
+ end
+ overridden_actions || options.fetch(:actions, {})
+ end
+
end
protected
# To be run in a `before_filter`; ensure this controller action is allowed for the user
@@ -116,10 +124,10 @@
end
def instance_authority_resource
return self.class.authority_resource if self.class.authority_resource.is_a?(Class)
send(self.class.authority_resource)
- rescue NoMethodError => e
+ rescue NoMethodError
raise MissingResource.new(
"Trying to authorize actions for '#{self.class.authority_resource}', but can't. \
Must be either a resource class OR the name of a controller instance method that \
returns one.".squeeze(' ')
)