| Module | Access::Controlled |
| In: |
lib/access.rb
lib/access_db_helpers.rb |
Throws a PermissionFailure exception if the user does not have privilege ‘priv’ on this object. Otherwise, returns the object itself, to allow for use as an annotation, e.g.
acct = Account.find( some_id ).check_permission!( :queue_trades )
First argument may also be a pair, [:privilege, :associate], to check the privilege
on an associated object…
# File lib/access.rb, line 257
# Enforces privilege +priv+ for +user+ against this object or an associate.
#
# +priv+ is passed through disassemble_priv, which yields the privilege and
# the object it is checked against. Every check, passed or failed, is
# recorded with RequestLogEntry.note_pcheck and written to the logger.
#
# Returns self when user.can?( priv, target ) is truthy, so the call can be
# chained onto a finder. Raises PermissionFailure otherwise.
#
# NOTE(review): a nil +user+ (e.g. User.current unset) fails at user.id with
# NoMethodError before the check runs, not with PermissionFailure. The call
# still fails closed, but confirm callers do not rescue only PermissionFailure.
def check_permission!( priv, user = User.current )
  priv, target = disassemble_priv( priv )

  # Human-readable label for the log line: class name plus the record's
  # name attribute, or 'X' when there is no usable name.
  class_label  = target.class.to_s
  record_name  = (target.has_attribute?(:name) ? target.name : nil) || 'X'
  target_label = class_label + ' ' + record_name

  # NOTE(review): the name is written into the log line as-is. If names can
  # be set by end users, consider stripping control characters so a crafted
  # name cannot forge log lines. TODO confirm where names come from.
  log_text = "permission check: #{priv} #{target_label}(#{target.id})"

  # Structured audit record; :success is filled in once the outcome is known.
  audit_entry = {
    :model_class => target.class.name,
    :model_id    => target.id,
    :privilege   => priv.to_s,
    :user_id     => user.id,
    :user_name   => user.name
  }

  if user.can?( priv, target )
    audit_entry[:success] = true
    RequestLogEntry.note_pcheck( audit_entry )
    # NOTE(review): successes are logged at warn level, the same as failures;
    # only the "FAILED" text tells them apart. Level-based alerting cannot
    # separate denials from grants here.
    logger.warn "=== #{log_text}"
    return self
  end

  # Denied: log and record the audit entry first, then raise, so the denial
  # is persisted even though the caller's flow is aborted.
  logger.warn "=== FAILED #{log_text}"
  audit_entry[:success] = false
  RequestLogEntry.note_pcheck( audit_entry )
  raise PermissionFailure.new( "not authorized to #{priv}",
                               :privilege => priv,
                               :target    => target )
end
Returns true if the user has privilege ‘priv’ on this object.
First argument may also be a pair, [:privilege, :associate], to check privilege on an associated object.
# File lib/access.rb, line 241
# Non-raising privilege query: asks whether +user+ holds +priv+ on this
# object or on an associate.
#
# +priv+ is passed through disassemble_priv, which yields the privilege and
# the object to check. Returns whatever user.can? returns for that pair.
#
# Unlike check_permission!, this method writes nothing to the logger or to
# RequestLogEntry, so decisions made through it leave no audit record here.
def permits?( priv, user = User.current )
  privilege, target = disassemble_priv( priv )
  user.can?( privilege, target )
end