pier-oliviert · August 6, 2013 18:53
diff --git a/application_controller.rb b/application_controller.rb
 class ApplicationController < ActionController::Base
  protect_from_forgery
  prepend_before_filter :authenticate!

  before_filter :restrict_routes!

  cattr_accessor :skipping_authentication

  rescue_from Exits::Unauthorized do |exception|
    flash.alert = t("restrictions.unauthorized")
    redirect_to :root and return
  end

  def self.allow(kls, *actions)
    self.restrictions.add self, kls, actions
  end

  def self.restrictions
    @@restrictions ||= Exits.new
  end
  
  protected

  def restrict_routes!
    return if self.class.restrictions.authorized?(self.class, current_user.class, action_name)
    restricted!
  end

  def allow!(kls, &block)
    return unless current_user.instance_of?(kls)
    unless yield
      restricted!
    end
  end

  def restricted!
    raise Exits::Unauthorized
  end

 end
diff --git a/exits.rb b/exits.rb
 class Exits
  def initialize
    @controllers = Hash.new
  end

  def add(controller_class, klass, *actions)
    @controllers[controller_class] ||= Hash.new
    @controllers[controller_class][klass] = actions.flatten
  end

  def authorized?(controller_class, klass, action)
    controller = @controllers.fetch(controller_class, {})
    return true if controller.blank?
    available_actions = controller.fetch(klass, [])
    return true if available_actions.blank? || available_actions.include?(:all)
    available_actions.include?(action.to_sym)
  end

  class Unauthorized < StandardError; end;
 end
diff --git a/my_controller.rb b/my_controller.rb
 class MyController < ApplicationController::Base
  allow Admin, :all
  allow User, :show, :edit
  
  def edit
    @user = User.find params[:id].to_i
    allow! User do
      current_user.eql? @user
    end
  end
 end
	class ApplicationController < ActionController::Base
	protect_from_forgery
	prepend_before_filter :authenticate!

	before_filter :restrict_routes!

	cattr_accessor :skipping_authentication

	rescue_from Exits::Unauthorized do \|exception\|
	flash.alert = t("restrictions.unauthorized")
	redirect_to :root and return
	end

	def self.allow(kls, *actions)
	self.restrictions.add self, kls, actions
	end

	def self.restrictions
	@@restrictions \|\|= Exits.new
	end

	protected

	def restrict_routes!
	return if self.class.restrictions.authorized?(self.class, current_user.class, action_name)
	restricted!
	end

	def allow!(kls, &block)
	return unless current_user.instance_of?(kls)
	unless yield
	restricted!
	end
	end

	def restricted!
	raise Exits::Unauthorized
	end

	end
	class Exits
	def initialize
	@controllers = Hash.new
	end

	def add(controller_class, klass, *actions)
	@controllers[controller_class] \|\|= Hash.new
	@controllers[controller_class][klass] = actions.flatten
	end

	def authorized?(controller_class, klass, action)
	controller = @controllers.fetch(controller_class, {})
	return true if controller.blank?
	available_actions = controller.fetch(klass, [])
	return true if available_actions.blank? \|\| available_actions.include?(:all)
	available_actions.include?(action.to_sym)
	end

	class Unauthorized < StandardError; end;
	end
	class MyController < ApplicationController::Base
	allow Admin, :all
	allow User, :show, :edit

	def edit
	@user = User.find params[:id].to_i
	allow! User do
	current_user.eql? @user
	end
	end
	end