Sha256: d360bdc1eb786f100b9df2939c039a57eac8835de67ec1646b5d588433ae916b
Contents?: true
Size: 1.64 KB
Versions: 3
Compression:
Stored size: 1.64 KB
Contents
module Avo module Concerns module ChecksAssocAuthorization extend ActiveSupport::Concern # Ex: A Post has many Comments def authorize_association_for(policy_method) # Use the related_name as the base of the association association_name = @reflection&.name return true if association_name.blank? # Fetch the appropriate resource reflection_resource = field.resource # Hydrate the resource with the record if we have one reflection_resource.hydrate(record: @parent_record) if @parent_record.present? # Some policy methods should get the parent record in order to have the necessary information to do the authorization # Example: Post->has_many->Comments # # When you want to authorize the creation/attaching of a Comment, you don't have the Comment instance. # But you do have the Post instance and you can get that in your policy to authorize against. record = if policy_method.in? [:view, :create, :attach, :act_on] # Use the parent record (Post) reflection_resource.record else # Override the record with the child record (Comment) resource.record end # Use the policy methods from the parent (Post) service = reflection_resource.authorization method_name = :"#{policy_method}_#{association_name}?".to_sym if service.has_method?(method_name, raise_exception: false) service.authorize_action(method_name, record:, raise_exception: false) else !Avo.configuration.implicit_authorization end end end end end
Version data entries
3 entries across 3 versions & 1 rubygems
Version | Path |
---|---|
avo-3.13.6 | lib/avo/concerns/checks_assoc_authorization.rb |
avo-3.13.5 | lib/avo/concerns/checks_assoc_authorization.rb |
avo-3.13.4 | lib/avo/concerns/checks_assoc_authorization.rb |