README.md in rolypoly-0.1.2 vs README.md in rolypoly-0.2.0
- old
+ new
@@ -91,9 +91,52 @@
end
private :current_user_roles
end
```
+# Allow roles with a resource
+`allow_with_resource` acts similarly to `allow` but executes a resource check on the `SomeCustomerRoleObject` to access the endpoint.
+
+This requires a method to be defined on `SomeCustomRoleObject` that checks if the resource is valid for that role.
+
+The `role_resource` needs to be defined on the controller to pass the resource that the role will be validated against.
+If `role_resource` is not defined it will be defaulted to an empty hash `{}`.
+
+
+```ruby
+class SomeCustomRoleObject
+ def resource?(resource)
+ self.resources.includes?(resource)
+ end
+end
+
+class ProfilesController < ApplicationController
+ allow_with_resource(:admin).to_access(:index)
+ allow_with_resource(:owner).to_access(:edit)
+ publicize(:show)
+
+ def index
+ current_roles # => [#<SomeCustomRoleObject to_role_string: "admin", resource?: true >]
+ end
+
+ def edit # Raises permission error before entering this
+ current_roles # => []
+ end
+
+ def show
+ current_roles # => []
+ end
+
+ private def current_user_roles
+ current_user.roles # => [#<SomeCustomRoleObject to_role_string: "admin", resource?: true>, #<SomeCustomRoleObject to_role_string: "scorekeeper", resource?: false>]
+ end
+
+ private def role_resource
+ { resource: params[:resource_id] }
+ end
+end
+```
+
## Contributing
1. Fork it
2. Create your feature branch (`git checkout -b my-new-feature`)
3. Commit your changes (`git commit -am 'Add some feature'`)