4 # Use this to wrap view elements that the user can't access.
5 # !! Note: this is an *interface*, not *security* feature !!
6 # You need to do all access control at the controller level.
9 # <%= if_authorized?(:index, User) do link_to('List all users', users_path) end %> |
10 # <%= if_authorized?(:edit, @user) do link_to('Edit this user', edit_user_path) end %> |
11 # <%= if_authorized?(:destroy, @user) do link_to 'Destroy', @user, :confirm => 'Are you sure?', :method => :delete end %>
14 def if_authorized?(action, resource, &block)
15 if authorized?(action, resource)
16 yield action, resource
21 # Link to user's page ('users/1')
23 # By default, their login is used as link text and link title (tooltip)
26 # * :content_text => 'Content text in place of user.login', escaped with
27 # the standard h() function.
28 # * :content_method => :user_instance_method_to_call_for_content_text
29 # * :title_method => :user_instance_method_to_call_for_title_attribute
30 # * as well as link_to()'s standard options
34 # # => <a href="/users/3" title="barmy">barmy</a>
36 # # if you've added a .name attribute:
37 # content_tag :span, :class => :vcard do
38 # (link_to_user user, :class => 'fn n', :title_method => :login, :content_method => :name) +
39 # ': ' + (content_tag :span, user.email, :class => 'email')
41 # # => <span class="vcard"><a href="/users/3" title="barmy" class="fn n">Cyril Fotheringay-Phipps</a>: <span class="email">barmy@blandings.com</span></span>
43 # link_to_user @user, :content_text => 'Your user page'
44 # # => <a href="/users/3" title="barmy" class="nickname">Your user page</a>
46 def link_to_user(user, options={})
47 raise "Invalid user" unless user
48 options.reverse_merge! :content_method => :login, :title_method => :login, :class => :nickname
49 content_text = options.delete(:content_text)
50 content_text ||= user.send(options.delete(:content_method))
51 options[:title] ||= user.send(options.delete(:title_method))
52 link_to h(content_text), user_path(user), options
56 # Link to login page using remote ip address as link content
58 # The :title (and thus, tooltip) is set to the IP address
61 # link_to_login_with_IP
62 # # => <a href="/login" title="169.69.69.69">169.69.69.69</a>
64 # link_to_login_with_IP :content_text => 'not signed in'
65 # # => <a href="/login" title="169.69.69.69">not signed in</a>
67 def link_to_login_with_IP content_text=nil, options={}
68 ip_addr = request.remote_ip
69 content_text ||= ip_addr
70 options.reverse_merge! :title => ip_addr
71 if tag = options.delete(:tag)
72 content_tag tag, h(content_text), options
74 link_to h(content_text), login_path, options
79 # Link to the current user's page (using link_to_user) or to the login page
80 # (using link_to_login_with_IP).
82 def link_to_current_user(options={})
84 link_to_user current_user, options
86 content_text = options.delete(:content_text) || 'not signed in'
87 # kill ignored options from link_to_user
88 [:content_method, :title_method].each{|opt| options.delete(opt)}
89 link_to_login_with_IP content_text, options