Module CanCan::ControllerAdditions::ClassMethods
In: lib/cancan/controller_additions.rb

Methods

Public Instance methods

Sets up a before filter which authorizes the current resource using the instance variable. For example, if you have an ArticlesController it will check the @article instance variable and ensure the user can perform the current action on it. Under the hood it is doing something like the following.

  authorize!(params[:action].to_sym, @article || Article)

Call this method directly on the controller class.

  class BooksController < ApplicationController
    authorize_resource
  end

See load_and_authorize_resource to automatically load the resource too.

Options:

:only
Only applies before filter to given actions.
:except
Does not apply before filter to given actions.
:name
The name of the resource if it cannot be determined from controller (string or symbol).
  load_resource :name => :article
:resource
The class to use for the model (string or constant). Alternatively pass a symbol to represent a resource which does not have a class.

Sets up a before filter which loads and authorizes the current resource. This performs both load_resource and authorize_resource and accepts the same arguments. See those methods for details.

  class BooksController < ApplicationController
    load_and_authorize_resource
  end

Sets up a before filter which loads the appropriate model resource into an instance variable. For example, given an ArticlesController it will load the current article into the @article instance variable. It does this by either calling Article.find(params[:id]) or Article.new(params[:article]) depending upon the action. It does nothing for the "index" action.

Call this method directly on the controller class.

  class BooksController < ApplicationController
    load_resource
  end

A resource is not loaded if the instance variable is already set. This makes it easy to override the behavior through a before_filter on certain actions.

  class BooksController < ApplicationController
    before_filter :find_book_by_permalink, :only => :show
    load_resource

    private

    def find_book_by_permalink
      @book = Book.find_by_permalink!(params[:id)
    end
  end

See load_and_authorize_resource to automatically authorize the resource too.

Options:

:only
Only applies before filter to given actions.
:except
Does not apply before filter to given actions.
:nested
Specify which resource this is nested under.
  load_resource :nested => :author

Deep nesting can be defined in an array.

  load_resource :nested => [:publisher, :author]
:name
The name of the resource if it cannot be determined from controller (string or symbol).
  load_resource :name => :article
:resource
The class to use for the model (string or constant).
:collection
Specify which actions are resource collection actions in addition to :index. This is usually not necessary because it will try to guess depending on if an :id is present in params.
  load_resource :collection => [:sort, :list]
:new
Specify which actions are new resource actions in addition to :new and :create. Pass an action name into here if you would like to build a new resource instead of fetch one.
  load_resource :new => :build

[Validate]