@pier-oliviert
Created June 26, 2013 16:43
# application_controller.rb
class ApplicationController < ActionController::Base
  protect_from_forgery
  # Devise; runs first so current_user is never nil in the filter below.
  # (before_filter is the Rails 3/4 name; Rails 5+ calls it before_action.)
  before_filter :authenticate_user!
  before_filter :restrict_routes!

  # One Restrictions table shared by every controller (it is a class variable);
  # Restrictions keys the rules per controller class internally.
  cattr_reader :restrictions

  # Class-level DSL:  allow User, :show, :edit   /   allow Admin, :all
  def self.allow(kls, *actions)
    @@restrictions ||= Restrictions.new
    restrictions.add self, kls, actions
  end

  protected

  # Coarse per-action gate. Note that the table is allow-by-default: a
  # controller that never called `allow`, or a user class that controller does
  # not list, passes this filter.
  def restrict_routes!
    return if restrictions.nil?
    return if restrictions.authorized?(self.class, current_user.class, action_name)
    restricted!
  end

  # Fine-grained per-record gate used inside an action. It only applies to
  # users whose class is exactly `kls` (instance_of?, not kind_of?); every other
  # class skips the block. It redirects but does not halt the action, so the
  # caller must not render or write anything after it.
  def allow!(kls, &block)
    return unless current_user.instance_of?(kls)
    restricted! unless block.call
  end

  def restricted!
    flash.notice = "You are not authorized"
    redirect_to :root
  end
end

# restrictions.rb
class Restrictions
  def initialize
    @controllers = Hash.new   # controller class => { user class => [actions] }
  end

  def add(controller_class, klass, *actions)
    @controllers[controller_class] ||= Hash.new
    @controllers[controller_class][klass] = actions.flatten.map(&:to_sym)
  end

  # Lookup is by exact controller class: rules declared on UsersController do
  # not apply to a subclass of UsersController.
  def authorized?(controller_class, klass, action)
    controller = @controllers.fetch(controller_class, {})
    return true if controller.blank?                   # no rules for this controller: allow
    available_actions = controller.fetch(klass, [])
    return true if available_actions.blank?            # user class not listed: allow (fail-open)
    return true if available_actions.include?(:all)    # `allow Admin, :all` means every action
    available_actions.include?(action.to_sym)
  end
end

# application_helper.rb
module ApplicationHelper
  # `controller` must be a controller class, e.g. can?(UsersController, :edit);
  # passing the controller instance would never match a key in the table.
  def can?(controller, action)
    return true if controller.restrictions.nil?        # nothing registered anywhere yet
    controller.restrictions.authorized? controller, current_user.class, action
  end
end

# users_controller.rb
class UsersController < ApplicationController
  allow User, :show, :edit, :update
  allow Admin, :all

  def edit
    @user = User.find(params[:id])   # assumed lookup; the original never assigned @user
    # Plain users may only edit their own record. Admins skip this check
    # because allow! ignores any current_user that is not instance_of?(User).
    allow! User do
      current_user.eql? @user
    end
  end
end
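The table above is allow-by-default: a controller with no `allow` calls, or a user class a controller does not list, is authorized for everything, and without special handling `allow Admin, :all` matches no action at all. The following is an added example, not part of the gist, of a deny-by-default variant of the same table that runs without Rails or ActiveSupport. `StrictRestrictions`, `gist_rules`, `decisions` and the stand-in `User`, `Admin`, `Guest` and controller classes are placeholders introduced here; only the rules themselves are the ones the gist declares on `UsersController`.

```ruby
# Added example (not part of the gist): a deny-by-default variant of the
# gist's Restrictions table, runnable without Rails or ActiveSupport.
# StrictRestrictions and the stand-in model/controller classes below are
# placeholders, not the gist's or Devise's real classes.
#
# Differences from the gist's Restrictions#authorized?:
#   * a user class not listed for a controller is denied, instead of passing
#     because its action list is blank;
#   * :all is honoured as "every action" for that user class;
#   * the lookup walks the controller's ancestors, so rules on a parent
#     controller apply to its subclasses;
#   * a controller with no rules at all falls through to `default`
#     (:deny here; :allow reproduces the gist's behaviour for that case).

class StrictRestrictions
  def initialize(default: :deny)
    @controllers = {}   # controller class => { user class => [actions] }
    @default = default
  end

  def add(controller_class, user_class, *actions)
    @controllers[controller_class] ||= {}
    @controllers[controller_class][user_class] = actions.flatten.map(&:to_sym)
    self
  end

  def authorized?(controller_class, user_class, action)
    rules = rules_for(controller_class)
    return @default == :allow if rules.nil?   # nothing registered for this controller
    allowed = rules[user_class]
    return false if allowed.nil?              # user class not listed: deny
    allowed.include?(:all) || allowed.include?(action.to_sym)
  end

  private

  # Rules of the nearest ancestor (the class itself first) that has any.
  def rules_for(controller_class)
    controller_class.ancestors.each do |klass|
      return @controllers[klass] if @controllers.key?(klass)
    end
    nil
  end
end

# Placeholder classes standing in for the Devise models and the controllers.
class User; end
class Admin; end
class Guest; end
class ApplicationController; end
class UsersController < ApplicationController; end
class AdminUsersController < UsersController; end

# The rules the gist declares on UsersController.
def gist_rules(default: :deny)
  StrictRestrictions.new(default: default)
    .add(UsersController, User, :show, :edit, :update)
    .add(UsersController, Admin, :all)
end

# Decision table for a fixed set of (controller, user class, action) probes.
def decisions(restrictions)
  probes = [
    [UsersController,       User,  :show],
    [UsersController,       User,  :destroy],
    [UsersController,       Admin, :destroy],   # :all
    [UsersController,       Guest, :show],      # unlisted class: gist allows, this denies
    [AdminUsersController,  Admin, :destroy],   # inherited from UsersController
    [ApplicationController, User,  :index],     # no rules: falls back to default
  ]
  probes.each_with_object({}) do |(ctrl, user, action), out|
    out[[ctrl.name, user.name, action]] = restrictions.authorized?(ctrl, user, action)
  end
end

if __FILE__ == $PROGRAM_NAME
  decisions(gist_rules).each do |(ctrl, user, action), ok|
    puts "#{ctrl} / #{user} / #{action}: #{ok ? 'allowed' : 'denied'}"
  end
end
```

Run it as a plain script to print the decision table. The `Guest` row is the one that matters in practice: with the gist's table a user class that nobody thought to list gets every action on every controller, whereas here it gets none until someone writes an `allow` for it.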