README.md in rolypoly-0.1.2 vs README.md in rolypoly-0.2.0

- old
+ new

@@ -91,9 +91,52 @@ end private :current_user_roles end ``` +# Allow roles with a resource +`allow_with_resource` acts similarly to `allow` but executes a resource check on the `SomeCustomerRoleObject` to access the endpoint. + +This requires a method to be defined on `SomeCustomRoleObject` that checks if the resource is valid for that role. + +The `role_resource` needs to be defined on the controller to pass the resource that the role will be validated against. +If `role_resource` is not defined it will be defaulted to an empty hash `{}`. + + +```ruby +class SomeCustomRoleObject + def resource?(resource) + self.resources.includes?(resource) + end +end + +class ProfilesController < ApplicationController + allow_with_resource(:admin).to_access(:index) + allow_with_resource(:owner).to_access(:edit) + publicize(:show) + + def index + current_roles # => [#<SomeCustomRoleObject to_role_string: "admin", resource?: true >] + end + + def edit # Raises permission error before entering this + current_roles # => [] + end + + def show + current_roles # => [] + end + + private def current_user_roles + current_user.roles # => [#<SomeCustomRoleObject to_role_string: "admin", resource?: true>, #<SomeCustomRoleObject to_role_string: "scorekeeper", resource?: false>] + end + + private def role_resource + { resource: params[:resource_id] } + end +end +``` + ## Contributing 1. Fork it 2. Create your feature branch (`git checkout -b my-new-feature`) 3. Commit your changes (`git commit -am 'Add some feature'`)