Revision acfbc458
Added by Marek Hulán about 10 years ago
| app/controllers/api/base_controller.rb | ||
|---|---|---|
|
@resource_class ||= resource_name.classify.constantize
|
||
|
end
|
||
|
|
||
|
def resource_scope
|
||
|
@resource_scope ||= resource_class.scoped
|
||
|
def resource_scope(controller = controller_name)
|
||
|
@resource_scope ||= begin
|
||
|
scope = resource_class.scoped
|
||
|
if resource_class.respond_to?(:authorized)
|
||
|
scope.authorized("#{action_permission}_#{controller}", resource_class)
|
||
|
else
|
||
|
scope
|
||
|
end
|
||
|
end
|
||
|
end
|
||
|
|
||
|
def api_request?
|
||
| ... | ... | |
|
#
|
||
|
# example:
|
||
|
# @host = Host.find_resource params[:id]
|
||
|
def find_resource
|
||
|
def find_resource(controller = controller_name)
|
||
|
resource = resource_identifying_attributes.find do |key|
|
||
|
next if key=='name' and (params[:id] =~ /\A\d+\z/)
|
||
|
method = "find_by_#{key}"
|
||
|
id = key=='id' ? params[:id].to_i : params[:id]
|
||
|
resource_scope.respond_to?(method) and
|
||
|
(resource = resource_scope.send method, id) and
|
||
|
break resource
|
||
|
scope = resource_scope(controller)
|
||
|
if scope.respond_to?(method)
|
||
|
(resource = scope.send method, id) and break resource
|
||
|
end
|
||
|
end
|
||
|
|
||
|
if resource
|
||
| ... | ... | |
|
if allowed_nested_id.include?(param)
|
||
|
resource_identifying_attributes.each do |key|
|
||
|
find_method = "find_by_#{key}"
|
||
|
@nested_obj ||= md[1].classify.constantize.send(find_method, params[param])
|
||
|
model = md[1].classify.constantize
|
||
|
controller = "#{md[1].pluralize}_#{controller_name}"
|
||
|
authorized_scope = model.authorized("#{action_permission}_#{controller}")
|
||
|
@nested_obj ||= authorized_scope.send(find_method, params[param])
|
||
|
end
|
||
|
else
|
||
|
# there should be a route error before getting here, but just in case,
|
||
| ... | ... | |
|
[]
|
||
|
end
|
||
|
|
||
|
def action_permission
|
||
|
case params[:action]
|
||
|
when 'new', 'create'
|
||
|
'create'
|
||
|
when 'edit', 'update'
|
||
|
'edit'
|
||
|
when 'destroy'
|
||
|
'destroy'
|
||
|
when 'index', 'show', 'status'
|
||
|
'view'
|
||
|
else
|
||
|
raise ::Foreman::Exception.new(N_("unknown permission for %s"), "#{params[:controller]}##{params[:action]}")
|
||
|
end
|
||
|
end
|
||
|
end
|
||
|
end
|
||
Also available in: Unified diff
fixes #812 - new permissions model, user group role and nest support, role filters for better granularity
Contributions from: