Revision 735eca5c
Added by Marek Hulán about 9 years ago
app/controllers/api/base_controller.rb | ||
---|---|---|
instance_variable_get :"@#{resource_name}" or raise 'no resource loaded'
|
||
end
|
||
|
||
def controller_permission
|
||
controller_name
|
||
end
|
||
|
||
# overwrites resource_scope in FindCommon to consider nested objects
|
||
def resource_scope(options = {})
|
||
options[:association] ||= controller_name
|
||
options[:association] ||= controller_permission
|
||
if nested_obj && nested_obj.respond_to?(options[:association])
|
||
association = nested_obj.send(options[:association])
|
||
if association.respond_to?(:authorized)
|
app/controllers/concerns/find_common.rb | ||
---|---|---|
|
||
def resource_scope(options = {})
|
||
@resource_scope ||= begin
|
||
options[:controller] ||= controller_name
|
||
options[:controller] ||= controller_permission
|
||
options[:permission] ||= "#{action_permission}_#{options[:controller]}"
|
||
scope = resource_class.scoped
|
||
if resource_class.respond_to?(:authorized)
|
Also available in: Unified diff
Fixes #9687 - respect custom controller permissions
(cherry picked from commit a63aa7cbac0f81955ac9ebcf010bfcf45f5b07c1)