Created
November 24, 2010 10:34
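# Authorization gate for a controller action: checks that a user is logged in
# and that the user is allowed to perform +action+ on +object+.
#
# To specify custom behavior that will be taken if the validation fails, pass
# a block to this method. It'll be called with |reason, default_action_as_proc|:
# +reason+ is :not_logged_in or :acl_failed, and the proc performs the default
# denial response (redirect / head / render_bad_request) when called.
#
# Formats without a handler below (e.g. CSV for anonymous users, or anything
# other than html/js/csv) set no denial action here and are left to whatever
# respond_to does for an unmatched format.
# NOTE(review): confirm that this rejects the request in the Rails version in
# use; otherwise those formats pass this check and the method returns true.
#
# @param action [Symbol] the right being checked; :unprotected skips all checks
# @param object [Object, nil] passed through to current_user.is_allowed_to?
# @param message [String, nil] flash notice shown on an HTML ACL failure
# @yieldparam reason [Symbol] :not_logged_in or :acl_failed
# @yieldparam default_action [Proc] lambda performing the default denial response
# @return [Boolean] true when access is granted (or the action is :unprotected),
#   false when a denial was handled, so inline callers can stop processing
def validate_rights(action, object = nil, message = nil)
  # Presumably inspected elsewhere to detect actions that never ran a rights check.
  @validate_rights_has_been_called = true
  return true if action == :unprotected

  take_action = false
  # Declared outside the respond_to block: a variable first assigned inside the
  # block is block-local, so the yield below could not see it.
  reason = nil

  respond_to do |format|
    if !logged_in?
      reason = :not_logged_in
      format.html do
        take_action = lambda do
          # Remember where the user was headed so login can send them back.
          session[:redirect_url] = request.url
          flash[:notice] = "You must be logged in to do that"
          redirect_to login_path
          false
        end
      end
      format.js do
        take_action = lambda do
          head :unauthorized
          false
        end
      end
    else
      reason = :acl_failed
      format.html do
        unless current_user.is_allowed_to?(action, object)
          take_action = lambda do
            flash[:notice] = message if message.present?
            redirect_to(login_path)
            false
          end
        end
      end
      format.js do
        unless current_user.is_allowed_to?(action, object)
          take_action = lambda do
            render_bad_request
            false
          end
        end
      end
      format.csv do
        unless current_user.is_allowed_to?(action, object)
          take_action = lambda do
            render_bad_request
            false
          end
        end
      end
    end
  end

  if take_action
    block_given? ? yield(reason, take_action) : take_action.call
    # A `return` inside a lambda only leaves the lambda, so the denial has to
    # be reported from here; previously the method returned true after denying.
    return false
  end

  true
end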