Sha256: 109ce527ab43efd283109b5547894772b955bb2149d16b424341441616341848

Contents?: true

Size: 1.28 KB

Versions: 3

Compression:

Stored size: 1.28 KB

Contents

# frozen_string_literal: true

module Plutonium
  module Core
    module Controllers
      module Authorizable
        extend ActiveSupport::Concern
        include ActionPolicy::Controller

        included do
          authorize :user, through: :current_user
          authorize :entity_scope, through: :entity_scope_for_authorize

          helper_method :policy_for, :authorized_resource_scope
        end

        private

        # Use this when getting a scope for a resource that is not the current
        # Use this instead of authorized_scope directly
        def authorized_resource_scope(resource, relation: nil, **options)
          raise ArgumentError("Expected resource to be a class inheriting ActiveRecord::Base") unless resource.instance_of?(Class) && resource < ActiveRecord::Base

          options[:with] ||= ActionPolicy.lookup(resource, namespace: authorization_namespace)
          relation ||= resource.all

          authorized_scope(relation, **options)
        end

        def entity_scope_for_authorize
          current_scoped_entity if scoped_to_entity?
        end

        def verify_authorized
          # we don't use action policy's inbuilt checks, so ensure they are neutered,
          # also ensures pundit checks are disabled.
        end
      end
    end
  end
end

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
plutonium-0.16.3 lib/plutonium/core/controllers/authorizable.rb
plutonium-0.16.1 lib/plutonium/core/controllers/authorizable.rb
plutonium-0.16.0 lib/plutonium/core/controllers/authorizable.rb