@hassox
Created October 28, 2008 01:30
# authorize :some_label => ["list", "of", "strategies"]
# A label maps to one strategy name or a list of them. Controllers and
# views check labels; strategy names can also be passed directly
# (see delete/destroy below).
class Post
  authorize :edit   => ["my_strategy", "another_one"],
            :create => "some_other_strategy",
            :view   => "view_strategy"
end

class Posts < Application
  # Class-level check against the model itself, run as a filter for index
  authorize! Post, :view, :only => [:index]

  # Other actions need to know what object they're operating on
  def show(id)
    @post = Post.get(id)
    authorize!(@post, :view) # raises a Forbidden exception
    display @post
  end

  def edit(id)
    only_provides :html
    @post = Post.get(id)
    # Boolean form: decide inside the action instead of raising
    if session.user.can(@post, :edit)
      render
    else
      redirect resource(:posts), :message => {:error => "You can't edit this"}
    end
  end

  def update(id, post)
    @post = Post.get(id)
    authorize!(@post, :edit) # the write action checks the :edit label, not :view
    @post.update_attributes(post)
    display @post
  end

  def create(post)
    # No instance yet, so the check runs against the class
    authorize!(Post, :create)
    @post = Post.create(post)
    redirect resource(@post)
  end

  def delete(id)
    @post = Post.get(id)
    # Strategy names passed directly, bypassing the label table
    authorize!(@post, "owner_only", "admin_only")
    display @post
  end

  def destroy(id)
    @post = Post.get(id)
    authorize!(@post, "owner_only", "admin_only")
    @post.destroy
    redirect resource(:posts)
  end
end

-# View helper (Haml): the block is rendered only when the check passes
= authorized?(@post, :edit) do
  = link_to "Edit", url(:edit_post, @post)
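The sketch above only shows the call sites. As an added example, not hassox's code, here is a minimal implementation of the label-to-strategy table with both the raising (`authorize!`) and boolean (`can?`) forms. It assumes that a label passes when any one of its listed strategies returns `true`, that unknown labels and strategy names fail closed by raising, and that `Forbidden`, `User`, and the three strategies are placeholders.

```ruby
# Added example, not hassox's code: a minimal implementation of the
# label-to-strategy DSL sketched above. "Any listed strategy passes" and
# the Forbidden class are assumptions; unknown labels/strategies fail closed.
class Forbidden < StandardError; end

module Authorize
  STRATEGIES = {} # strategy name => proc(user, object) returning true/false
  def self.strategy(name, &blk)
    STRATEGIES[name.to_s] = blk
  end
  def self.included(base); base.extend(ClassMethods); end

  module ClassMethods
    # authorize :label => "strategy" or ["list", "of", "strategies"]
    def authorize(labels)
      @auth_labels ||= {}
      labels.each { |l, s| @auth_labels[l.to_sym] = Array(s).map(&:to_s) }
    end
    def strategies_for(label)
      (@auth_labels || {}).fetch(label.to_sym) { raise ArgumentError, "no label #{label}" }
    end
  end

  # Symbols are labels resolved on the object's class (or the class itself,
  # as in authorize!(Post, :create)); strings name strategies directly.
  def self.resolve(object, names)
    klass = object.is_a?(Class) ? object : object.class
    names.flat_map { |n| n.is_a?(Symbol) ? klass.strategies_for(n) : [n.to_s] }
  end

  # Boolean check (the sketch's session.user.can / authorized? helpers).
  # A strategy must return exactly true; truthy garbage is not a grant.
  def self.can?(user, object, *names)
    resolve(object, names).any? do |name|
      strat = STRATEGIES.fetch(name) { raise ArgumentError, "unknown strategy #{name}" }
      strat.call(user, object) == true
    end
  end

  # Raising check (the sketch's authorize!).
  def self.authorize!(user, object, *names)
    raise Forbidden, "#{names.inspect} denied" unless can?(user, object, *names)
    true
  end
end

User = Struct.new(:id, :admin) # constructed placeholder user model
class Post
  include Authorize
  attr_reader :owner_id
  def initialize(owner_id); @owner_id = owner_id; end
  authorize :edit => ["owner_only", "admin_only"], :view => "anyone"
end
Authorize.strategy("anyone")     { |u, _| !u.nil? }
Authorize.strategy("owner_only") { |u, post| post.respond_to?(:owner_id) && u.id == post.owner_id }
Authorize.strategy("admin_only") { |u, _| u.admin == true }
```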