Created December 12, 2011 13:04 (gist steveklabnik/1467062)
Wtf cancan?
```ruby
# Article is a normal AR class, no methods, just attributes. free is a boolean attribute.
#
# /articles/1 is free, /articles/2 is not.
#
# I want only logged in users to read non-free articles. But the :free => true line seems to be enabling
# reading all of them; when I comment it out, non-logged-in users can't read anything. But with it
# uncommented, they can read everything. WTF?
#
# User.new.is? :user is false, and so is User.new.is? :admin.
class Ability
  include CanCan::Ability

  def initialize(user)
    user ||= User.new
    if user.is? :user
      can :show, Article
    elsif user.is? :admin
      can [:show, :create, :update], Article
    else
      can :show, Article, :free => true
      cannot :show, Article, :free => false
    end
  end
end
```
```ruby
class ArticleRepository
  class << self
    delegate :find, :new, :to => Article

    def root
      Article.first
    end
  end
end
```
```ruby
class ArticlesController < ApplicationController
  def new
    @article = ArticleRepository.new
  end

  def create
    @article = ArticleRepository.new params[:article]
    @article.update_attributes(params[:article])
    @article.save
    redirect_to article_path(@article)
  end

  def show
    #begin
    @article = ArticleRepository.find(params[:id])
    authorize!(:show, @article)
    #rescue ActiveRecord::RecordNotFound
    #  render :create
    #  return
    #end
  end
end
```
```ruby
class User < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable

  # Setup accessible (or protected) attributes for your model
  attr_accessible :email, :password, :password_confirmation, :remember_me

  include RoleModel
  roles :admin, :user
end
```
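One thing worth checking with conditional rules like the guest branch above is what the ability is asked about: a loaded record or the `Article` class itself. The following is an added example, not code from the gist or from CanCan: a simplified stand-in for the rule matching, assuming that later rules take precedence, that hash conditions are compared with the record's attributes, and that a check against the class cannot evaluate conditions. `Rule`, `GuestAbility` and `guest_decisions` are hypothetical names, and `Article` is a plain struct rather than an ActiveRecord model.

```ruby
# Constructed, simplified model of CanCan-style rule matching (not the gem's code).
# Assumed semantics: last matching rule wins; no matching rule means "denied".
Article = Struct.new(:id, :free)

Rule = Struct.new(:allow, :action, :subject, :conditions) do
  def relevant?(act, obj)
    klass = obj.is_a?(Class) ? obj : obj.class
    action == act && klass <= subject
  end

  def matches?(obj)
    return true if conditions.empty?
    return allow if obj.is_a?(Class) # no record to inspect: only `can` rules match
    conditions.all? { |attr, value| obj.public_send(attr) == value }
  end
end

class GuestAbility
  def initialize
    @rules = []
    # The guest (else) branch of the gist's Ability class.
    can    :show, Article, :free => true
    cannot :show, Article, :free => false
  end

  def can(action, subject, conditions = {})
    @rules << Rule.new(true, action, subject, conditions)
  end

  def cannot(action, subject, conditions = {})
    @rules << Rule.new(false, action, subject, conditions)
  end

  def can?(action, obj)
    rule = @rules.reverse.find { |r| r.relevant?(action, obj) && r.matches?(obj) }
    rule ? rule.allow : false
  end
end

def guest_decisions
  ability = GuestAbility.new
  { free_record: ability.can?(:show, Article.new(1, true)),   # constructed sample records
    paid_record: ability.can?(:show, Article.new(2, false)),
    nil_flag:    ability.can?(:show, Article.new(3, nil)),
    class_check: ability.can?(:show, Article) }
end

p guest_decisions if __FILE__ == $PROGRAM_NAME
```

Under these assumptions a guest is denied the non-free record but passes a check made against the class, so a regression test for rules like these should assert on loaded records of each kind, including one whose flag is `nil`.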
Author
@steveklanik I'm curious about it... I can't wait until next week. :( :~
Author
Here's the one sentence answer: It decreases the coupling in your code.
@guilherme ... pay attention to my blog sometime next week.