lib/avo/app/services/authorization_service.rb in avo-0.4.5 vs lib/avo/app/services/authorization_service.rb in avo-0.4.6
- old
+ new
@@ -1,10 +1,11 @@
module Avo
class AuthorizationService
class << self
def authorize(user, record, action)
return true if skip_authorization
+ return true if user.nil?
begin
if Pundit.policy user, record
Pundit.authorize user, record, action
end
@@ -22,19 +23,26 @@
authorize user, record, action
end
def with_policy(user, model)
return model if skip_authorization
+ return model if user.nil?
begin
Pundit.policy_scope! user, model
rescue => exception
model
end
end
def skip_authorization
Avo::App.license.lacks :authorization
+ end
+
+ def authorized_methods(user, record)
+ [:create, :edit, :update, :show, :destroy].map do |method|
+ [method, authorize(user, record, Avo.configuration.authorization_methods[method])]
+ end.to_h
end
end
end
end