paulgroves/role_authentication.rb

## role_authentication.rb
module RoleAuthentication

  extend ActiveSupport::Concern

  included do
    append_before_filter :authorize_action
  end

  module ClassMethods
    [:allow, :deny].each do |auth_action|
      define_method "#{auth_action}_roles" do |roles, *args|
        roles = [roles] unless roles.is_a? Array

        self.class_eval do
          prepend_before_filter -> { edit_roles roles, auth_action }, *args
        end
      end
    end
  end

  private

  def edit_roles(roles, action)
    init_roles

    case action
    when :allow
      @allowed_roles |= (roles & Roles::ALL)
    when :deny
      @denied_roles |= (roles & Roles::ALL)
    end
  end

  def authorize_action
    init_roles

    valid_roles = @allowed_roles - @denied_roles
    Rails.logger.debug("AUTHORIZED ROLES FOR #{self.controller_name}##{self.action_name}: #{valid_roles}")
    deny_access unless valid_roles.any? && valid_roles.any?{ |r| current_user.send("is_#{r}") }
  end

  def init_roles
    @allowed_roles ||= []
    @denied_roles ||= []
  end

end
	module RoleAuthentication

	extend ActiveSupport::Concern

	included do
	append_before_filter :authorize_action
	end

	module ClassMethods
	[:allow, :deny].each do \|auth_action\|
	define_method "#{auth_action}_roles" do \|roles, *args\|
	roles = [roles] unless roles.is_a? Array

	self.class_eval do
	prepend_before_filter -> { edit_roles roles, auth_action }, *args
	end
	end
	end
	end

	private

	def edit_roles(roles, action)
	init_roles

	case action
	when :allow
	@allowed_roles \|= (roles & Roles::ALL)
	when :deny
	@denied_roles \|= (roles & Roles::ALL)
	end
	end

	def authorize_action
	init_roles

	valid_roles = @allowed_roles - @denied_roles
	Rails.logger.debug("AUTHORIZED ROLES FOR #{self.controller_name}##{self.action_name}: #{valid_roles}")
	deny_access unless valid_roles.any? && valid_roles.any?{ \|r\| current_user.send("is_#{r}") }
	end

	def init_roles
	@allowed_roles \|\|= []
	@denied_roles \|\|= []
	end

	end