IntegrationWithRailsControllers.md

[ Back to TheRole ]


Integration with Rails controllers

application_controller.rb

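```ruby
class ApplicationController < ActionController::Base
  include TheRole::Controller

  # Declare the CSRF strategy once. A later bare `protect_from_forgery`
  # call would replace `with: :exception` with the method's default strategy.
  protect_from_forgery with: :exception

  # ... code ...
end
```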

Any Rails controller, for instance, pages_controller.rb

```ruby
class PagesController < ApplicationController
  before_action :login_required, except: [ :index, :show ]
  before_action :role_required,  except: [ :index, :show ]

  # !!! ATTENTION !!!
  #
  # TheRole: you have to set the object for the ownership check
  # before checking ownership via the `owner_required` method.
  # You can do it with `for_ownership_check(@page)` in `set_page`.
  #

  before_action :set_page,       only: [ :edit, :update, :destroy ]
  before_action :owner_required, only: [ :edit, :update, :destroy ]

  private

  def set_page
    @page = Page.find params[:id]

    # TheRole: object for ownership checking
    for_ownership_check(@page)
  end
end
```

Please read the simple source code of the restriction methods:

  1. login_required
  2. role_required
  3. owner_required

In this case, `login_required` is the `:authenticate_user!` method from the Devise gem.
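
The ordering requirement for `set_page` and `owner_required`, shown with a plain-Ruby model of the callback chain (an added example, not TheRole's code or code from the original page). `ModelController`, `CorrectOrder`, `WrongOrder`, the `User`/`Page` structs and the helper bodies are assumptions made for illustration; denying when no object was registered is this model's choice, so read the gem's `owner_required` source for its actual behaviour.

```ruby
# Plain-Ruby model of a before_action chain, constructed for illustration.
# It is not TheRole's source; the helper bodies are hypothetical stand-ins.
class AccessDenied < StandardError; end
User = Struct.new(:id)
Page = Struct.new(:id, :user_id)

class ModelController
  # Each subclass keeps its own ordered filter list.
  def self.filters; @filters ||= []; end
  def self.before_action(name); filters << name; end

  def initialize(current_user, stored_page)
    @current_user = current_user
    @stored_page  = stored_page # stands in for Page.find(params[:id])
  end

  # Runs filters in declaration order and halts at the first denial.
  def process
    self.class.filters.each { |filter| send(filter) }
    :ok
  rescue AccessDenied
    :denied
  end

  private

  def set_page
    @page = @stored_page
    for_ownership_check(@page)
  end

  def for_ownership_check(obj); @owner_check_object = obj; end

  # Fail closed: with no registered object, ownership cannot be proven.
  def owner_required
    obj = @owner_check_object
    raise AccessDenied if obj.nil? || obj.user_id != @current_user.id
  end
end

class CorrectOrder < ModelController
  before_action :set_page
  before_action :owner_required
end

class WrongOrder < ModelController
  before_action :owner_required # runs before any object is registered
  before_action :set_page
end
```

With the filters swapped, even the real owner is denied in this model; a check that instead passed on a missing object would let every logged-in user through, which is why the declaration order matters.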

