aishek/application_controller.rb

## application_controller.rb
# app/controllers/web/application_controller.rb

class Web::ApplicationController < ApplicationController
  include Concerns::Auth

  rescue_from AccessDenied, :with => :access_denied_handler


  private

  def can?(action, subject = current_user)
    abilities << subject
    abilities.allowed?(current_user, action, subject)
  end

  def current_user_session
    @current_user_session ||= ::User::Session.find
  end

  def current_user
    @current_user ||= (current_user_session && current_user_session.record) || Guest.new
  end

  def access_denied_handler
    flash[:error] = t('helpers.auth.unauthorized')
    redirect_back_or_default auth_login_path
  end
end

## auth.rb
# app/controllers/concerns/auth.rb

module Concerns::Auth
  extend ActiveSupport::Concern

  class AccessDenied < RuntimeError; end

  included do
    helper_method :can?

    after_action :store_location, :if => lambda {|controller| controller.request.get? && controller.request.format == :html}
  end


  private

  def abilities
    @abilities ||= Six.new
  end

  def can?(action, subject)
    # override like:
    #
    # abilities << subject
    # abilities.allowed?(current_user, action, subject)

    raise NotImplementedError
  end

  def authorize!(action, subject = self)
    raise AccessDenied unless can?(action, subject)
  end

  def store_location
    session[:return_to] = request.protocol + request.host_with_port + request.path
    true
  end

  def redirect_back_or_default(default, options = {})
    return_to = session[:return_to].blank? ? default : session[:return_to]
    session[:return_to] = nil

    respond_to do |format|
      format.js { render :js => "window.location.href = '\#{j return_to}';" }
      format.html { redirect_to return_to, options }
    end
  end
end

## guest.rb
# app/models/guest.rb

class Guest
  include Allowed::GuestRules
end

## guest_rules.rb
# lib/allowed/guest_rules.rb

module Allowed::GuestRules
  extend ActiveSupport::Concern

  def allowed(object, subject)
    rules = []
    return rules unless subject.kind_of?(::Guest)

    rules
  end
end

## user_rules.rb
# lib/allowed/user_rules.rb

module Allowed::UserRules
  extend ActiveSupport::Concern

  def allowed(object, subject)
    rules = []
    return rules unless subject.kind_of?(::User)

    if object && object.persisted?
      rules << :show
      rules << :friends if subject == object
      rules << :update if subject == object
    else
      rules << :create
    end

    rules
  end
end
	# app/controllers/web/application_controller.rb

	class Web::ApplicationController < ApplicationController
	include Concerns::Auth

	rescue_from AccessDenied, :with => :access_denied_handler


	private

	def can?(action, subject = current_user)
	abilities << subject
	abilities.allowed?(current_user, action, subject)
	end

	def current_user_session
	@current_user_session \|\|= ::User::Session.find
	end

	def current_user
	@current_user \|\|= (current_user_session && current_user_session.record) \|\| Guest.new
	end

	def access_denied_handler
	flash[:error] = t('helpers.auth.unauthorized')
	redirect_back_or_default auth_login_path
	end
	end
	# app/controllers/concerns/auth.rb

	module Concerns::Auth
	extend ActiveSupport::Concern

	class AccessDenied < RuntimeError; end

	included do
	helper_method :can?

	after_action :store_location, :if => lambda {\|controller\| controller.request.get? && controller.request.format == :html}
	end


	private

	def abilities
	@abilities \|\|= Six.new
	end

	def can?(action, subject)
	# override like:
	#
	# abilities << subject
	# abilities.allowed?(current_user, action, subject)

	raise NotImplementedError
	end

	def authorize!(action, subject = self)
	raise AccessDenied unless can?(action, subject)
	end

	def store_location
	session[:return_to] = request.protocol + request.host_with_port + request.path
	true
	end

	def redirect_back_or_default(default, options = {})
	return_to = session[:return_to].blank? ? default : session[:return_to]
	session[:return_to] = nil

	respond_to do \|format\|
	format.js { render :js => "window.location.href = '\#{j return_to}';" }
	format.html { redirect_to return_to, options }
	end
	end
	end
	# app/models/guest.rb

	class Guest
	include Allowed::GuestRules
	end
	# lib/allowed/guest_rules.rb

	module Allowed::GuestRules
	extend ActiveSupport::Concern

	def allowed(object, subject)
	rules = []
	return rules unless subject.kind_of?(::Guest)

	rules
	end
	end
	# lib/allowed/user_rules.rb

	module Allowed::UserRules
	extend ActiveSupport::Concern

	def allowed(object, subject)
	rules = []
	return rules unless subject.kind_of?(::User)

	if object && object.persisted?
	rules << :show
	rules << :friends if subject == object
	rules << :update if subject == object
	else
	rules << :create
	end

	rules
	end
	end