Provides a simple integration between CanCanCan and Active Model Serializers.
Add this line to your application's Gemfile:
gem 'active_model_serializers_cancancan'
And then execute:
$ bundle
Or install it yourself as:
$ gem install active_model_serializers_cancancan
hasOne
and hasMany
serializer macros now support an additional property, authorize
. Associations with this property set to true will be authorized and filtered via CanCan. For example:
class PostSerializer < ActiveModel::Serializer
attributes :title, :content
has_one :author, authorize: true
has_many :comments, authorize: true
end
Serializers now also have access to the same helpers as controllers, namely current_ability
, can?
, and cannot?
.
Use the abilities
helper method to add an abilities
key to the serialized data. For example:
class PostSerializer < ActiveModel::Serializer
attributes :id
abilities :show, :update
end
@post.as_json # { id: 1, abilities: { show: true, update: false } }
If :restful
is passed as an ability it will expand to the 7 default
RESTful actions: :index, :show, :new, :create, :edit, :update, :destroy
Abilities are checked by calling the can_#{action}?
method. By overriding this method the result for the ability can be customized. For example:
class PostSerializer < ActiveModel::Serializer
attributes :id
abilities :show
def can_show?
session[:wizard_started] && can?(:show, object)
end
end
- Fork it
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Add some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create new Pull Request