Permission REST API to access models from the view
The CanCan integration provides a set of extra helpers for controlling who can operate on the models.
Use the following methods from within a view or a view helper.
These helpers always check `current_user` to see whether the user has the permission required for the requested action on the given model. If not, the link is not rendered.
Here is a list of the REST links and the CanCan permission level required on the model instance(s) being linked to. Note that the CanCan `:manage` level implies full permission, and `:write` implies full mutation access.
- Index :read
- Show :read
- Create :create
- Edit :edit
- Delete :destroy
Typically the REST links are used within views, partials and view helpers. Example:
```erb
<%= index_link(Post, 'To the posts') %>
<%= create_link(Post, 'Create a new post') %>
```
For the create and index REST actions, you can pass either an instance or a class of a model object. The other REST options only work with model instances.
```ruby
index_link(Post)
index_link(Post, 'To the posts')
index_link(@post)
index_link(@post, 'All the posts')

create_link(Post)
create_link(Post, 'Create the post')
create_link(@post)
create_link(@post, 'Create the post')

edit_link(@post)
edit_link(@post, 'Edit the post')

delete_link(@post)
delete_link(@post, 'Delete the post')

show_link(@post)
show_link(@post, 'Show the post')
```
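The permission check these helpers perform can be sketched as follows. This is an added example, not the project's own code: `SketchAbility`, `rest_link`, the `Post`/`Comment` structs and the generated paths are hypothetical stand-ins, and treating `:write` as create, edit and destroy is an assumption.

```ruby
require 'erb'

# REST link -> required permission, as listed on this page.
REQUIRED_PERMISSION = {
  index: :read, show: :read, create: :create, edit: :edit, delete: :destroy
}.freeze

# Constructed stand-in for a CanCan ability (not CanCan's own class).
class SketchAbility
  # Assumption: "full mutation access" means these three actions.
  WRITE = %i[create edit destroy].freeze

  def initialize
    @rules = []
  end

  def can(action, model_class)
    @rules << [action, model_class]
  end

  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    @rules.any? do |granted, model_class|
      next false unless klass <= model_class
      granted == :manage || granted == action ||
        (granted == :write && WRITE.include?(action))
    end
  end
end

Post = Struct.new(:id)      # constructed sample models
Comment = Struct.new(:id)

# Returns the anchor tag, or nil when the user lacks the permission.
# Paths are constructed; a real delete link would also send the DELETE verb.
def rest_link(ability, rest_action, subject, label)
  needs_instance = !%i[index create].include?(rest_action)
  raise ArgumentError, "#{rest_action} needs a model instance" if needs_instance && subject.is_a?(Class)
  return nil unless ability.can?(REQUIRED_PERMISSION.fetch(rest_action), subject)

  klass = subject.is_a?(Class) ? subject : subject.class
  path = "/#{klass.name.downcase}s"
  path += '/new' if rest_action == :create
  path += "/#{subject.id}" if needs_instance
  path += '/edit' if rest_action == :edit
  %(<a href="#{path}">#{ERB::Util.html_escape(label)}</a>)
end
```

Not rendering a link only hides it from the page; the request itself is still reachable, so each controller action needs its own CanCan check (for example `authorize!`).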