Revision a63aa7cb
Added by Marek Hulán about 9 years ago
app/controllers/api/base_controller.rb | ||
---|---|---|
instance_variable_get :"@#{resource_name}" or raise 'no resource loaded'
|
||
end
|
||
|
||
def controller_permission
|
||
controller_name
|
||
end
|
||
|
||
# overwrites resource_scope in FindCommon to consider nested objects
|
||
def resource_scope(options = {})
|
||
options[:association] ||= controller_name
|
||
options[:association] ||= controller_permission
|
||
if nested_obj && nested_obj.respond_to?(options[:association])
|
||
association = nested_obj.send(options[:association])
|
||
if association.respond_to?(:authorized)
|
Also available in: Unified diff
Fixes #9687 - respect custom controller permissions