appfolio · zwalker · Aug 6, 2018 · Aug 6, 2018 · Aug 14, 2018 · Aug 14, 2018
@@ -21,4 +21,5 @@ Gem::Specification.new do |s|
 
   s.add_dependency(%q<blockenspiel>, ['~> 0.5.0'])
   s.add_dependency(%q<rails>, ['>= 4.2.5.2', '< 6'])
+  s.add_dependency(%q<praxis>, ['~> 0.21'])
 end
@@ -1,5 +1,6 @@
 require File.join(%w{declarative_authorization helper})
 require File.join(%w{declarative_authorization in_controller})
+require File.join(%w{declarative_authorization in_praxis_controller})
 if defined?(ActiveRecord)
   require File.join(%w{declarative_authorization in_model})
   require File.join(%w{declarative_authorization obligation_scope})

@@ -1,8 +1,9 @@
-# Authorization::AuthorizationInController
 require File.dirname(__FILE__) + '/authorization.rb'
+require File.dirname(__FILE__) + '/in_controller_common.rb'
 
 module Authorization
   module AuthorizationInController
+    include AuthorizationInControllerCommon
 
     def self.included(base) # :nodoc:
       base.extend(ClassMethods)
@@ -11,96 +12,6 @@ def self.included(base) # :nodoc:
       end
     end
 
-    DEFAULT_DENY = false
-
-    # If attribute_check is set for filter_access_to, decl_auth_context will try to
-    # load the appropriate object from the current controller's model with
-    # the id from params[:id].  If that fails, a 404 Not Found is often the
-    # right way to handle the error.  If you have additional measures in place
-    # that restricts the find scope, handling this error as a permission denied
-    # might be a better way.  Set failed_auto_loading_is_not_found to false
-    # for the latter behavior.
-    @@failed_auto_loading_is_not_found = true
-    def self.failed_auto_loading_is_not_found?
-      @@failed_auto_loading_is_not_found
-    end
-    def self.failed_auto_loading_is_not_found=(new_value)
-      @@failed_auto_loading_is_not_found = new_value
-    end
-
-    # Returns the Authorization::Engine for the current controller.
-    def authorization_engine
-      @authorization_engine ||= Authorization::Engine.instance
-    end
-
-    # If the current user meets the given privilege, permitted_to? returns true
-    # and yields to the optional block.  The attribute checks that are defined
-    # in the authorization rules are only evaluated if an object is given
-    # for context.
-    #
-    # See examples for Authorization::AuthorizationHelper #permitted_to?
-    #
-    # If no object or context is specified, the controller_name is used as
-    # context.
-    #
-    def permitted_to?(privilege, object_or_sym = nil, options = {})
-      if authorization_engine.permit!(privilege, options_for_permit(object_or_sym, options, false))
-        yield if block_given?
-        true
-      else
-        false
-      end
-    end
-
-    # Works similar to the permitted_to? method, but
-    # throws the authorization exceptions, just like Engine#permit!
-    def permitted_to!(privilege, object_or_sym = nil, options = {})
-      authorization_engine.permit!(privilege, options_for_permit(object_or_sym, options, true))
-    end
-
-    # While permitted_to? is used for authorization, in some cases
-    # content should only be shown to some users without being concerned
-    # with authorization.  E.g. to only show the most relevant menu options
-    # to a certain group of users.  That is what has_role? should be used for.
-    def has_role?(*roles)
-      user_roles = authorization_engine.roles_for(current_user)
-      result = roles.all? do |role|
-        user_roles.include?(role)
-      end
-      yield if result and block_given?
-      result
-    end
-
-    # Intended to be used where you want to allow users with any single listed role to view
-    # the content in question
-    def has_any_role?(*roles)
-      user_roles = authorization_engine.roles_for(current_user)
-      result = roles.any? do |role|
-        user_roles.include?(role)
-      end
-      yield if result and block_given?
-      result
-    end
-
-    # As has_role? except checks all roles included in the role hierarchy
-    def has_role_with_hierarchy?(*roles)
-      user_roles = authorization_engine.roles_with_hierarchy_for(current_user)
-      result = roles.all? do |role|
-        user_roles.include?(role)
-      end
-      yield if result and block_given?
-      result
-    end
-
-    # As has_any_role? except checks all roles included in the role hierarchy
-    def has_any_role_with_hierarchy?(*roles)
-      user_roles = authorization_engine.roles_with_hierarchy_for(current_user)
-      result = roles.any? do |role|
-        user_roles.include?(role)
-      end
-      yield if result and block_given?
-      result
-    end
 
     protected
     def filter_access_filter # :nodoc:

@@ -0,0 +1,103 @@
+# require File.dirname(__FILE__) + '/authorization.rb'
+
+module Authorization
+  module AuthorizationInControllerCommon
+
+    DEFAULT_DENY = false
+
+    def self.included(base)
+      base.module_eval do
+        # If attribute_check is set for filter_access_to, decl_auth_context will try to
+        # load the appropriate object from the current controller's model with
+        # the id from params[:id].  If that fails, a 404 Not Found is often the
+        # right way to handle the error.  If you have additional measures in place
+        # that restricts the find scope, handling this error as a permission denied
+        # might be a better way.  Set failed_auto_loading_is_not_found to false
+        # for the latter behavior.
+        @@failed_auto_loading_is_not_found = true
+
+        def self.failed_auto_loading_is_not_found?
+          @@failed_auto_loading_is_not_found
+        end
+
+        def self.failed_auto_loading_is_not_found=(new_value)
+          @@failed_auto_loading_is_not_found = new_value
+        end
+      end
+    end
+
+    # Returns the Authorization::Engine for the current controller.
+    def authorization_engine
+      @authorization_engine ||= Authorization::Engine.instance
+    end
+
+    # If the current user meets the given privilege, permitted_to? returns true
+    # and yields to the optional block.  The attribute checks that are defined
+    # in the authorization rules are only evaluated if an object is given
+    # for context.
+    #
+    # See examples for Authorization::AuthorizationHelper #permitted_to?
+    #
+    # If no object or context is specified, the controller_name is used as
+    # context.
+    #
+    def permitted_to?(privilege, object_or_sym = nil, options = {})
+      if authorization_engine.permit!(privilege, options_for_permit(object_or_sym, options, false))
+        yield if block_given?
+        true
+      else
+        false
+      end
+    end
+
+    # Works similar to the permitted_to? method, but
+    # throws the authorization exceptions, just like Engine#permit!
+    def permitted_to!(privilege, object_or_sym = nil, options = {})
+      authorization_engine.permit!(privilege, options_for_permit(object_or_sym, options, true))
+    end
+
+    # While permitted_to? is used for authorization, in some cases
+    # content should only be shown to some users without being concerned
+    # with authorization.  E.g. to only show the most relevant menu options
+    # to a certain group of users.  That is what has_role? should be used for.
+    def has_role?(*roles)
+      user_roles = authorization_engine.roles_for(current_user)
+      result = roles.all? do |role|
+        user_roles.include?(role)
+      end
+      yield if result and block_given?
+      result
+    end
+
+    # Intended to be used where you want to allow users with any single listed role to view
+    # the content in question
+    def has_any_role?(*roles)
+      user_roles = authorization_engine.roles_for(current_user)
+      result = roles.any? do |role|
+        user_roles.include?(role)
+      end
+      yield if result and block_given?
+      result
+    end
+
+    # As has_role? except checks all roles included in the role hierarchy
+    def has_role_with_hierarchy?(*roles)
+      user_roles = authorization_engine.roles_with_hierarchy_for(current_user)
+      result = roles.all? do |role|
+        user_roles.include?(role)
+      end
+      yield if result and block_given?
+      result
+    end
+
+    # As has_any_role? except checks all roles included in the role hierarchy
+    def has_any_role_with_hierarchy?(*roles)
+      user_roles = authorization_engine.roles_with_hierarchy_for(current_user)
+      result = roles.any? do |role|
+        user_roles.include?(role)
+      end
+      yield if result and block_given?
+      result
+    end
+  end
+end