# frozen_string_literal: true module ActionPolicy # Raised when `authorize!` check fails class Unauthorized < Error attr_reader :policy, :rule, :result def initialize(policy, rule) @policy = policy.class @rule = rule @result = policy.result super("Not Authorized") end end # The main purpose of this module is to extact authorize actions # from everything else to make it easily testable. module Authorizer class << self # Performs authorization, raises an exception when check failed. def call(policy, rule) authorize(policy, rule) || raise(::ActionPolicy::Unauthorized.new(policy, rule)) end def authorize(policy, rule) policy.apply(rule) end # Applies scope to the target def scopify(target, policy, **options) policy.apply_scope(target, **options) end end end end