Revision b2b47290
Added by Petr Chalupa almost 12 years ago
- ID b2b4729059ff89327d7cd86d2e47664a2ce57c46
app/models/authorization.rb | ||
---|---|---|
return true if User.current and User.current.allowed_to?("#{operation}_#{klasses}".to_sym)
|
||
|
||
errors.add :base, "You do not have permission to #{operation} this #{klass}"
|
||
@permission_failed = operation
|
||
false
|
||
end
|
||
|
||
# @return false or name of failed operation
|
||
def permission_failed?
|
||
return false unless @permission_failed
|
||
@permission_failed
|
||
end
|
||
|
||
private
|
||
def enforce?
|
||
return false if (User.current and User.current.admin?)
|
Also available in: Unified diff
api v1 - render errors with rabl
better detection of permission failure in model
fix ApiConstraints
catch bad routes in api and return json