# acl.rb
#
# Roles known to the :acl schema. These names are what the role lists in
# the `pass` lines of the privileges below refer to.
roles do
  [:guest, :tulper, :owner, :admin].each { |role_name| role role_name }
end
# Named checks used by the privileges below. Each assert declares the
# context keys it reads; `subject` is the object the privilege is checked
# against and `user_id` is what AccessSchemaHelper#acl passes in
# (current_user.try(:id)). Both asserts assume `subject` has a non-nil
# `owner` — they raise NoMethodError otherwise.
asserts do
  assert(:owner, [:user_id]) { subject.owner.id == user_id }
  assert(:not_owner, [:user_id]) { subject.owner.id != user_id }
end
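# Privileges for the public business pages. Each `pass <assert>, <roles>`
# line pairs an assert with the roles (declared in `roles` above) it
# applies to; how AccessSchema combines several `pass` lines is not
# visible here.
resource "BusinessController" do
  privilege :show

  privilege :edit do
    # The role is listed explicitly because a guest is also "not the
    # owner"; restricting to :tulper keeps guests out of the edit page.
    pass :not_owner, [:tulper]
  end

  privilege :update do
    # Same rule as :edit. The original wrote `[:tupler]`, which matches no
    # declared role, so :update would never have been granted.
    pass :not_owner, [:tulper]
  end
end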
# Owner-facing pages: every privilege is gated on the :owner assert, i.e.
# the subject's owner must be the current user.
resource "Owners::BusinessController" do
  [:show, :edit, :update].each do |action|
    privilege(action) { pass :owner }
  end
end
# types/business.rb
#
# Form types for Business. Each `type` declares the mass-assignment
# whitelist that applies when a controller or service does
# `form.attributes = params[:business]` on a form built by
# FormFactory.build(Business, type).
resource "Business" do
  # Creation form: this is the only type that accepts city and contact.
  type :create do
    attr_accessible :name, :city, :contact
  end
  # Edit form.
  type :edit do
    # Do not list city attr. (city cannot be changed through this form)
    attr_accessible :name
    # credit_rating is only assignable when the assignment is made with
    # `as: :admin`; an assignment without an `:as` option gets the plain
    # list above, so the admin-only attribute is never reachable by
    # accident.
    attr_accessible :name, :credit_rating, :as => :admin
    # Sketch of how a form type could thread the `:as` role through
    # sanitize_for_mass_assignment. Kept as a reference; not active.
    #def assign_attributes(values, options = {})
    # sanitize_for_mass_assignment(values, options[:as]).each do |k, v|
    # send("#{k}=", v)
    # end
    #end
  end
end
# policies/busnesses.rb
#
# Roles for the :policy schema. Besides the user roles (:admin, :tulper)
# the list holds what are presumably the tariff plans (:bulb, :flower,
# :bouquet): AccessSchemaHelper#policy unions the subject owner's plan
# into the role list, so a plan acts as a role here.
roles do
  [:admin, :tulper, :bulb, :flower, :bouquet].each { |role_name| role role_name }
end
# :allowed_attrs holds when none of the attributes named in
# `disallow_attrs` (symbols) appear among the subject's dirty attributes.
# `changed` comes from the subject's dirty tracking (AR::Dirty) and yields
# attribute names as strings, hence the `to_s`; the attributes have to be
# assigned *before* the policy is checked or nothing is dirty yet.
asserts do
  assert(:allowed_attrs, [:disallow_attrs]) do
    dirty = subject.changed
    disallow_attrs.map(&:to_s).none? { |attr| dirty.include?(attr) }
  end
end
# Domain policy for updating a Business.
resource "Business" do
  privilege :update do
    # Reads as: a :tulper may update a business they created while it is
    # not yet approved. The :creator and :not_approved asserts are not
    # declared in this file — presumably defined elsewhere; verify.
    pass [:creator, :not_approved], [:tulper]
    # A :tulper must not change :name; enforced through the dirty
    # attributes by the :allowed_attrs assert above. How the two `pass`
    # lines combine is defined by AccessSchema, not visible here.
    pass :allowed_attrs, [:tulper], disallow_attrs: [:name]
  end
end
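# access_schema_helper.rb
#
# Controller/view helper that binds the AccessSchema schemas (:acl for
# controller actions, :policy for domain rules) to the current request.
# Expects `current_user`, `current_roles` and the Rails `hash_for_*_path`
# route helpers to be available on the including object.
class AccessSchemaHelper
  # Raise unless the current user may run `action` on the controller that
  # `route_method` resolves to.
  #
  #   before_filter { required! :reviews, :delete }
  #
  # @param route_method [Symbol] a named route. Only ever pass a literal
  #   from code, never request input: it is interpolated into a method
  #   name that is looked up with `send`.
  # @param action [Symbol, nil] privilege to check; defaults to the action
  #   the route resolves to
  # @param options [Hash] extra context for the asserts, e.g. `subject:`
  # @raise [AccessSchema::NotAllowed] when the privilege is not granted
  def required!(route_method, action = nil, options = {})
    url_options = send "hash_for_#{route_method}_path"
    # Resource names in acl.rb follow "<Controller>Controller". NOTE(review):
    # acl.rb declares "BusinessController"/"Owners::BusinessController",
    # whereas a `businesses` route camelizes to "BusinessesController" —
    # confirm the names line up, otherwise every check fails.
    resource = "#{url_options[:controller].to_s.camelize}Controller"
    privilege = action || url_options[:action]
    acl.require! resource, privilege, options
  end

  # Boolean form of `required!` for views:
  #
  #   - if can? :reviews, :delete, :subject => review
  #     = link_to "Delete", review_path(review)
  #
  # Only AccessSchema::NotAllowed maps to false; any other error (an
  # unknown route, a missing owner) still propagates.
  def can?(*args)
    required!(*args)
    true
  rescue AccessSchema::NotAllowed
    false
  end

  # The :acl schema bound to the current user's roles and id.
  def acl
    AccessSchema.schema(:acl).with_options({
      roles: current_roles,
      user_id: current_user.try(:id)
    })
  end

  # Use in controllers and views for tariff plans or other domain logic
  # policies:
  #
  #   policy.allow? review, :add_photo
  #
  # A policy has to look at the actor's roles *and* the subject owner's
  # state (its tariff plan, for example), so the roles are computed per
  # subject by a proc rather than passed as a static list.
  def policy
    roles_calculator = proc do |options|
      plan = options[:subject].try(:owner).try(:plan)
      plan ||= current_user.try(:plan) || :none
      # `Array()` accepts a single plan symbol as well as a list. The
      # original only wrapped the fallback, so an owner whose `plan` is a
      # bare symbol would have raised TypeError in `|`.
      current_roles | Array(plan)
    end
    AccessSchema.schema(:policy).with_options({
      roles: roles_calculator,
      user_id: current_user.try(:id)
    })
  end
end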
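# controllers/businesses_controller.rb
#
# Public business pages. Authorization runs in two layers: the :acl schema
# (`required!`) in before filters, and the :policy schema on update, which
# inspects the dirty attributes of the form object.
class BusinessesController < ApplicationController
  # Read-only actions only need the role check. NOTE(review): the route
  # name `onwers_businesses` is interpolated into `hash_for_..._path` by
  # `required!`; confirm a route with exactly that name exists.
  before_filter only: [:show, :index] do
    required! :onwers_businesses
  end

  # Writes pass the form object as `subject` so the :owner / :not_owner
  # asserts can compare its owner with the current user.
  before_filter only: [:new, :create, :edit, :update] do
    required! :onwers_businesses, subject: business_form
  end

  def show
    @business = W::Business.find(params[:id])
  end

  def index
    @businesses = W::Business.order(:rank).all
  end

  def new
    @business = business_form
  end

  def create
    @business = business_form
    # No `:as` role is given, so only the plain attr_accessible list of the
    # :create form type applies to this mass assignment.
    @business.attributes = params[:business]
    # Creating a business has no special rules that would need to live in
    # a policy, so there is no policy.require! here.
    save_and_respond(:new)
  end

  def edit
    @business = business_form
  end

  def update
    @business = business_form
    @business.attributes = params[:business]
    # Must run after attribute assignment: the :allowed_attrs assert looks
    # at the form's changed attributes (AR::Dirty).
    policy.require! @business, :update
    save_and_respond(:edit)
  end

  private

  # Save @business and redirect to it, or re-render `form_template` on
  # validation failure. The original re-rendered :edit after a failed
  # create although the creation form is the :new template.
  def save_and_respond(form_template)
    if @business.save
      redirect_to @business
    else
      render form_template
    end
  end

  # Form object of the given type, built by the FormFactory.
  def business_type(type)
    FormFactory.build(Business, type)
  end

  # The form object for the current request: an :edit form loaded by id
  # when one is given, otherwise a fresh :create form. Memoized because the
  # before filter and the action both use it.
  def business_form
    @business_form ||=
      if params[:id].present?
        business_type(:edit).find(params[:id])
      else
        business_type(:create).new
      end
  end
end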
# controllers/owners/businesses_controller.rb
#
# Owner-facing business pages; the :acl resource
# "Owners::BusinessController" gates every privilege on the :owner assert.
class Owners::BusinessesController < Owners::ApplicationController
  before_filter(only: [:show]) { required! :onwers_businesses }

  # The form object is passed as `subject` so the :owner assert can compare
  # its owner with the current user.
  before_filter(only: [:edit, :update]) do
    required! :onwers_businesses, subject: business_form
  end

  def show
    @business = W::Business.find(params[:id])
  end

  def edit
    @business = business_form
  end

  # NOTE(review): unlike BusinessesController#update there is no
  # `policy.require!` between assignment and save, so the :allowed_attrs
  # policy is not applied to owners here — confirm that is intended.
  def update
    @business = business_form
    @business.attributes = params[:business]
    return redirect_to(@business) if @business.save

    render :edit
  end

  private

  # The :edit form object for params[:id], memoized across filter and
  # action.
  def business_form
    @business_form ||= FormFactory.build(Business, :edit).find(params[:id])
  end
end
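# services/business_service.rb
#
# Service-layer counterpart of Owners::BusinessesController#update that
# does run the policy check; the actor is passed in explicitly instead of
# being read from the request.
class BusinessService < Services::Base
  # Load the business through the :edit_as_owner form type, assign
  # `attrs`, check the :update policy for the actor and save.
  #
  # @param business_id [Integer] id of the business to update
  # @param attrs [Hash] attributes; filtered by the form type's whitelist
  # @param options [Hash] must contain `:actor`, the user the policy is
  #   evaluated for
  # @raise [KeyError] when `options` has no `:actor` — an authorization
  #   check without an actor is a caller bug, so fail loudly instead of
  #   evaluating the policy for nil
  # @raise whatever `save!` raises on the form object on validation failure
  def update_as_owner(business_id, attrs, options)
    actor = options.fetch(:actor)
    @business = FormFactory.build(Business, :edit_as_owner).find(business_id)
    @business.attributes = attrs
    # Presumably the same :policy schema whose :allowed_attrs assert reads
    # the dirty attributes, so the check must come after the assignment.
    policy(actor).require! @business, :update
    @business.save!
  end
end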