Sha256: d46c3291dde2660ef00bfe60d5a5c53a806cc539948abb8f8c48ebf59db89969

Contents?: true

Size: 974 Bytes

Versions: 1

Compression:

Stored size: 974 Bytes

Contents

module Pundit
  # Controller concern that turns Pundit authorization failures into a
  # JSON API "forbidden" error document with HTTP status 403.
  module ResourceController
    extend ActiveSupport::Concern

    included do
      include ActionController::Rescue

      # Register Pundit::NotAuthorizedError on JSONAPI's exception whitelist
      # (once only), then handle it with rescue_from below.
      # NOTE(review): presumably whitelisted exceptions are re-raised by
      # JSONAPI instead of being rendered by it - confirm against the
      # jsonapi-resources version in use. This mutates global JSONAPI
      # configuration every time the concern is included.
      JSONAPI.configure do |config|
        unauthorized = Pundit::NotAuthorizedError
        config.exception_class_whitelist << unauthorized unless config.exception_class_whitelist.include?(unauthorized)
      end

      rescue_from Pundit::NotAuthorizedError, with: :reject_forbidden_request
    end

    # Everything below is non-public, so Rails does not treat these helpers
    # as routable controller actions.
    protected

    # Renders a single-element JSON API error list with status 403.
    #
    # error - the rescued Pundit::NotAuthorizedError; its #record is used
    #         only to derive a human-readable type name for the message.
    #
    # The body names the requested action and the record's class.
    # NOTE(review): a Pundit::NotAuthorizedError raised without a record has
    # a nil #record, which would be reported here as "nil class"; when the
    # record is itself a class the type reads "class". Confirm whether either
    # case is reachable.
    # NOTE(review): the detail string tells an unauthorized caller which
    # resource type exists behind the route; use a generic message if that
    # should not be revealed.
    def reject_forbidden_request(error)
      action = params[:action]
      record_type = error.record.class.name.underscore.humanize(capitalize: false)

      forbidden = JSONAPI::Error.new(
        code: JSONAPI::FORBIDDEN,
        status: :forbidden,
        title: "#{action.capitalize} Forbidden",
        detail: "You don't have permission to #{action} this #{record_type}.",
      )

      render json: { errors: [forbidden] }, status: 403
    end

    # Hash exposing the current user under :current_user.
    # NOTE(review): presumably handed to JSONAPI resources so policies can
    # read the user - confirm against the resource side.
    def context
      { current_user: current_user }
    end

    # Placeholder that always returns nil.
    # NOTE(review): presumably meant to be overridden by the including
    # controller - confirm. An included module sits ahead of the superclass
    # in the ancestor chain, so a current_user defined only on a parent
    # controller is shadowed by this stub and policies would receive nil.
    # Define current_user on the including class itself, and make sure
    # policies deny when the user is nil.
    def current_user
      nil
    end
  end
end

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
pundit-resources-1.0.0 lib/pundit/resource_controller.rb