Created
April 1, 2010 03:00
-
-
Save brand-it/351275 to your computer and use it in GitHub Desktop.
It is a creative way to create access levels for the admin and any other type of users. Very scalable.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Filters added to this controller apply to all controllers in the application. | |
| # Likewise, all the methods added will be available for all controllers. | |
| # Make sure that all the methods that redirect are handled in the controllers. | |
| class ApplicationController < ActionController::Base | |
| include AuthenticatedSystem | |
| include Userstamp | |
| include ExceptionLoggable | |
| local_addresses.clear | |
| helper :all # include all helpers, all the time | |
| protect_from_forgery # See ActionController::RequestForgeryProtection for details | |
| layout "main" | |
| # No passwords are logged this way | |
| filter_parameter_logging :password_confirmation, :password | |
| # Failed authorization should all ways come before the return. Makes sure that the test | |
| # and the views are redirected before they are returned false. | |
| def correct_user(user_id, options = {}) | |
| if !current_user.nil? | |
| if current_user.id == user_id || user_type_four_authorized(:ignore_redirect => true, :ignore_flash_error => true) | |
| return true | |
| else | |
| failed_authorization(options) | |
| return false | |
| end | |
| else | |
| failed_authorization(options) | |
| return false | |
| end | |
| end | |
| # Access level numbers are 1, 2, 4, 8 | |
| # All permutations are currently being calculated in the Application Helper | |
| # May need to come up with a better means of calculating that. | |
| # User_type_one access level is 1 | |
| # Had to use _authorized because job has a method called user_type_one | |
| def user_type_one_authorized(options = {}) | |
| authorization([user_type_one, user_type_two, user_type_three, user_type_four], options) | |
| end | |
| # User_type_two access level is 2 | |
| def user_type_three_authorized(options = {}) | |
| authorization([user_type_two, user_type_three, user_type_four], options) | |
| end | |
| # User_type_three access level is 4 | |
| def user_type_three_authorized(options = {}) | |
| # Access should only let the user create jobs and user type two | |
| authorization([user_type_three, user_type_four], options) | |
| end | |
| # User_type_four access level is 8 | |
| def user_type_four_authorized(options = {}) | |
| auth = authorization([user_type_four], options) | |
| end | |
| def user_type_one | |
| return 1 | |
| end | |
| def user_type_two | |
| return 2 | |
| end | |
| def user_type_three | |
| return 4 | |
| end | |
| def user_type_four | |
| return 8 | |
| end | |
| # Admin should be able to do every thing. No mater what it is. | |
| # Need to pass an array into this in order for it to work. | |
| def authorization(levels, options = {}) | |
| granted = false | |
| for level in levels | |
| if self.current_user and self.current_user.access_level == level | |
| granted = true | |
| end | |
| end | |
| if granted | |
| return granted | |
| else | |
| failed_authorization(options) | |
| return granted | |
| end | |
| end | |
| # Change this in order to change were the user is redirected if he does not have access to page. | |
| def failed_authorization(options = {}) | |
| unless options[:ignore_flash_error] | |
| flash[:error] = options[:flash_error] || "You do not have access to this page. Please Login to a user that does." | |
| end | |
| unless options[:ignore_redirect] == true | |
| redirect_to new_session_path | |
| end | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment