Revision 735eca5c
Added by Marek Hulán about 9 years ago
| app/controllers/api/base_controller.rb | ||
|---|---|---|
|
instance_variable_get :"@#{resource_name}" or raise 'no resource loaded'
|
||
|
end
|
||
|
|
||
|
def controller_permission
|
||
|
controller_name
|
||
|
end
|
||
|
|
||
|
# overwrites resource_scope in FindCommon to consider nested objects
|
||
|
def resource_scope(options = {})
|
||
|
options[:association] ||= controller_name
|
||
|
options[:association] ||= controller_permission
|
||
|
if nested_obj && nested_obj.respond_to?(options[:association])
|
||
|
association = nested_obj.send(options[:association])
|
||
|
if association.respond_to?(:authorized)
|
||
| app/controllers/concerns/find_common.rb | ||
|---|---|---|
|
|
||
|
def resource_scope(options = {})
|
||
|
@resource_scope ||= begin
|
||
|
options[:controller] ||= controller_name
|
||
|
options[:controller] ||= controller_permission
|
||
|
options[:permission] ||= "#{action_permission}_#{options[:controller]}"
|
||
|
scope = resource_class.scoped
|
||
|
if resource_class.respond_to?(:authorized)
|
||
Also available in: Unified diff
Fixes #9687 - respect custom controller permissions
(cherry picked from commit a63aa7cbac0f81955ac9ebcf010bfcf45f5b07c1)