Skip to content

Instantly share code, notes, and snippets.

@forced-request
Created April 15, 2014 14:08
Show Gist options
  • Save forced-request/10735707 to your computer and use it in GitHub Desktop.
Save forced-request/10735707 to your computer and use it in GitHub Desktop.
class ApplicationController < ActionController::Base
ensure_authorization_performed :except => [:index, :search], :if => :auditing_security?, :unless => :devise_controller?
private
def auditing_security?
Rails.env != 'production'
end
# Send 'em back where they came from with a slap on the wrist
def authority_forbidden(error)
Authority.logger.warn(error.message)
redirect_to request.referrer.presence || root_path, :alert => 'You are not authorized to complete that action.'
end
end
class Framework < ActiveRecord::Base
include Authority::Abilities
self.authorizer_name = 'InfoDatabaseAuthorizer'
end
class FrameworksController < AuthenticatedController
authorize_actions_for Framework
def index
@frameworks = Framework.all
end
def new
@framework = Framework.new
end
end
class InfoDatabaseAuthorizer < ApplicationAuthorizer
def self.default(adjective, user)
user.has_role? :admin
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment