ruby on rails - CanCan explanation of load_and_authorize_resource -


i know how load_and_authorize_resource works inside. searched github page link , tried undestand , didn't find nothing usefull. understand load_and_authorize_resource before_filter , loads (in way) ability have written in ability.rb

i know better how possible. mean, don't want study gem, want see how cancan load ability of resource in controller , if load_and_authorize_resource sort of before_filter.

disclaimer: sake of simplicity, omit calls short inner methods intentionally. full chain of calling can obtained following load_and_authorize_resource method definition , forth.

as stated in documentation, load_and_authorize_resource sets before_filter...

# cancan/lib/cancan/controller_additions.rb def load_and_authorize_resource(*args)   cancan_resource_class.add_before_filter(self, :load_and_authorize_resource, *args) end

...which calls 2 methods: load_resource , authorize_resource.

# cancan/lib/cancan/controller_resource.rb def load_and_authorize_resource   load_resource   authorize_resource end

to idea of behaviour we're going @ both of them closely.

based on params hash passed controller action, load_resource makes decision on whether should obtain new instance of class (e.g. post.new) or find particular instance based on params[:id] (e.g. post.find(params[:id])). instance (or collection of instances actions index) assigned corresponding instance variable of controller action.

# cancan/lib/cancan/controller_resource.rb def load_resource   unless skip?(:load)     if load_instance?       # here have obtained object, e.g. post id=5       # , placed cancan resource_instance variable.       # has automatically set @post instance variable       # in action       self.resource_instance ||= load_resource_instance     elsif load_collection?       self.collection_instance ||= load_collection     end   end end

later on, authorize_resource gets called. inner logics syntax should familiar you: checking abilities hands looks same happens inside of method. take resource_instance obtained @ previous step, params[:action] name of current action, , check if particular action can accessed given object(s).

# cancan/lib/cancan/controller_resource.rb def authorize_resource   unless skip?(:authorize)     # similar happens when call authorize!(:show, @post)     @controller.authorize!(authorization_action, resource_instance || resource_class_with_parent)   end end

as long raising exceptions inside of before_filter stops controller action being executed, failing pass authorization here gets redirected application's home url, shown 500 error page or whatever behaviour defined cancan::accessdenied handling.

on other hand, in case you've passed authorization successfully, action code gets executed. you've got access instance variable (e.g. @post) has been set cancan @ load_resource step.


Comments

Post a Comment

Popular posts from this blog

c# - Validate object ID from GET to POST -

i have method allows user access comment have made on site. have post method lets them update comment. my normal solution send entire comment model through, let them update it, update on database when post back. involve sending commentid through in hiddenfor , can manipulated. how can verify commentid sent in get method same i'm getting in post , not able alter comment wish? how can verify commentid sent in method same i'm getting in post? basically have validate following things in post - user logged-in user. authenticated users post comments. commentid in post , should valid commentid , should present in database. userid associated logged-in user should same userid associated comment . comment should contain userid column, can check @ time of update. to make sure update happens comment has been sent in get - hold commentid in session , in post action compare commentid value in session .
Read more

node.js - Custom Model Validator SailsJS -

when using custom model validator checks record within model. return within spread doesn't seem end control flow. //post.js model /** * custom validator **/ types: { isuservalid: function(user_id) { var promise = require('bluebird'); promise.all([ user.findone({id: user_id}) ]) .spread(function(user) { console.log(user); if (user === null || user === undefined) { console.log('failed'); return false; }else{ console.log('passed'); return true; } }); } }, my response standard validation failed response. { "error": "e_validation", "status": 400, "summary": "1 attribute invalid", "model": "post", "invalidattributes": { "owner": [ { "rule": "isuservalid", ...
Read more

php - Find a regex to take part of Email -

i have following emails need extract part from: bestellnummer xxx: 1 von xxx, 1er pack ------------- anfang der nachricht ------------- foo bar baz foo bar baz // <<<<< need text here ------------- ende der nachricht ------------- ------------- anfang der nachricht ------------- foo bar baz foo bar baz ------------- ende der nachricht ------------- there 0 unlimited occurences of ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- and i'm able extract first part regex: $re = "/------------- .*? -------------.?(.*?).?------------- .*? -------------/s"; but, i'm quite new on learning regex, i'm pretty sure there must better regex extract part (foo bar baz foo bar baz) of text between ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- as can in different languages, i'm using .? to match between hyphens. i...
Read more