Role auth

role_authentication.rb

module RoleAuthentication

  extend ActiveSupport::Concern

  included do
    append_before_filter :authorize_action
  end

  module ClassMethods
    [:allow, :deny].each do |auth_action|
      define_method "#{auth_action}_roles" do |roles, *args|
        roles = [roles] unless roles.is_a? Array

        self.class_eval do
          prepend_before_filter -> { edit_roles roles, auth_action }, *args
        end
      end
    end
  end

  private

  def edit_roles(roles, action)
    init_roles

    case action
    when :allow
      @allowed_roles |= (roles & Roles::ALL)
    when :deny
      @denied_roles |= (roles & Roles::ALL)
    end
  end

  def authorize_action
    init_roles

    valid_roles = @allowed_roles - @denied_roles
    Rails.logger.debug("AUTHORIZED ROLES FOR #{self.controller_name}##{self.action_name}: #{valid_roles}")
    deny_access unless valid_roles.any? && valid_roles.any?{ |r| current_user.send("is_#{r}") }
  end

  def init_roles
    @allowed_roles ||= []
    @denied_roles ||= []
  end

end