Revision b2b47290
Added by Petr Chalupa almost 12 years ago
- ID b2b4729059ff89327d7cd86d2e47664a2ce57c46
| app/models/authorization.rb | ||
|---|---|---|
|
return true if User.current and User.current.allowed_to?("#{operation}_#{klasses}".to_sym)
|
||
|
|
||
|
errors.add :base, "You do not have permission to #{operation} this #{klass}"
|
||
|
@permission_failed = operation
|
||
|
false
|
||
|
end
|
||
|
|
||
|
# @return false or name of failed operation
|
||
|
def permission_failed?
|
||
|
return false unless @permission_failed
|
||
|
@permission_failed
|
||
|
end
|
||
|
|
||
|
private
|
||
|
def enforce?
|
||
|
return false if (User.current and User.current.admin?)
|
||
Also available in: Unified diff
api v1 - render errors with rabl
better detection of permission failure in model
fix ApiConstraints
catch bad routes in api and return json