lib/pundit.rb in pundit-0.3.0 vs lib/pundit.rb in pundit-1.0.0
@@ -5,20 +5,43 @@
require "active_support/core_ext/object/blank"
require "active_support/core_ext/module/introspection"
require "active_support/dependencies/autoload"
module Pundit
- class NotAuthorizedError < StandardError
- attr_accessor :query, :record, :policy
+ SUFFIX = "Policy"
+
+ class Error < StandardError; end
+ class NotAuthorizedError < Error
+ attr_reader :query, :record, :policy
+
+ def initialize(options = {})
+ @query = options[:query]
+ @record = options[:record]
+ @policy = options[:policy]
+
+ message = options.fetch(:message) { "not allowed to #{query} this #{record.inspect}" }
+
+ super(message)
+ end
end
- class AuthorizationNotPerformedError < StandardError; end
+ class AuthorizationNotPerformedError < Error; end
class PolicyScopingNotPerformedError < AuthorizationNotPerformedError; end
- class NotDefinedError < StandardError; end
+ class NotDefinedError < Error; end
extend ActiveSupport::Concern
class << self
+ def authorize(user, record, query)
+ policy = policy!(user, record)
+
+ unless policy.public_send(query)
+ raise NotAuthorizedError.new(query: query, record: record, policy: policy)
+ end
+
+ true
+ end
+
def policy_scope(user, scope)
policy_scope = PolicyFinder.new(scope).scope
policy_scope.new(user, scope).resolve if policy_scope
end
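Review bot: `NotAuthorizedError#initialize` at lines 17–25 now accepts only an options Hash, so the 0.3.0 call form `NotAuthorizedError.new("some message")` (the form the removed controller code in the next hunk used, and one applications may raise themselves) no longer constructs the error but fails with `TypeError` from `options[:query]` on a String. A one-line guard keeps both forms working: `options = { message: options } if options.is_a?(String)` as the first statement of `initialize`. Separately, the default message now interpolates `record.inspect` where the old message used the record's `to_s`; for an ActiveRecord model that places every attribute value in the exception message and hence in logs and error reporters, so either revert to `record` or document it on the method with `# NOTE: the default message embeds record.inspect; pass :message for records holding sensitive attributes`.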
@@ -34,64 +57,102 @@
def policy!(user, record)
PolicyFinder.new(record).policy!.new(user, record)
end
end
+ module Helper
+ def policy_scope(scope)
+ pundit_policy_scope(scope)
+ end
+ end
+
included do
+ helper Helper if respond_to?(:helper)
if respond_to?(:helper_method)
- helper_method :policy_scope
helper_method :policy
+ helper_method :pundit_policy_scope
helper_method :pundit_user
end
if respond_to?(:hide_action)
- hide_action :policy_scope
- hide_action :policy_scope=
hide_action :policy
- hide_action :policy=
+ hide_action :policy_scope
+ hide_action :policies
+ hide_action :policy_scopes
hide_action :authorize
hide_action :verify_authorized
hide_action :verify_policy_scoped
+ hide_action :permitted_attributes
hide_action :pundit_user
+ hide_action :skip_authorization
+ hide_action :skip_policy_scope
end
end
+ def pundit_policy_authorized?
+ !!@_pundit_policy_authorized
+ end
+
+ def pundit_policy_scoped?
+ !!@_pundit_policy_scoped
+ end
+
def verify_authorized
- raise AuthorizationNotPerformedError unless @_policy_authorized
+ raise AuthorizationNotPerformedError unless pundit_policy_authorized?
end
def verify_policy_scoped
- raise PolicyScopingNotPerformedError unless @_policy_scoped
+ raise PolicyScopingNotPerformedError unless pundit_policy_scoped?
end
def authorize(record, query=nil)
query ||= params[:action].to_s + "?"
- @_policy_authorized = true
+ @_pundit_policy_authorized = true
+
policy = policy(record)
unless policy.public_send(query)
- error = NotAuthorizedError.new("not allowed to #{query} this #{record}")
- error.query, error.record, error.policy = query, record, policy
-
- raise error
+ raise NotAuthorizedError.new(query: query, record: record, policy: policy)
end
true
end
+ def skip_authorization
+ @_pundit_policy_authorized = true
+ end
+
+ def skip_policy_scope
+ @_pundit_policy_scoped = true
+ end
+
def policy_scope(scope)
- @_policy_scoped = true
- @policy_scope or Pundit.policy_scope!(pundit_user, scope)
+ @_pundit_policy_scoped = true
+ pundit_policy_scope(scope)
end
- attr_writer :policy_scope
def policy(record)
- @_policy or Pundit.policy!(pundit_user, record)
+ policies[record] ||= Pundit.policy!(pundit_user, record)
end
- def policy=(policy)
- @_policy = policy
+ def permitted_attributes(record)
+ name = record.class.to_s.demodulize.underscore
+ params.require(name).permit(policy(record).permitted_attributes)
end
+ def policies
+ @_pundit_policies ||= {}
+ end
+
+ def policy_scopes
+ @_pundit_policy_scopes ||= {}
+ end
+
def pundit_user
current_user
+ end
+
+private
+
+ def pundit_policy_scope(scope)
+ policy_scopes[scope] ||= Pundit.policy_scope!(pundit_user, scope)
end
end
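Review bot: The new public predicates `pundit_policy_authorized?` and `pundit_policy_scoped?` (lines 84–90) are missing from the `hide_action` block at lines 67–82, although every other public helper this commit adds (`policies`, `policy_scopes`, `permitted_attributes`, `skip_authorization`, `skip_policy_scope`) is listed there; on Rails versions where `hide_action` is what keeps these helpers out of `action_methods`, the two predicates stay exposed as actions. Add `hide_action :pundit_policy_authorized?` and `hide_action :pundit_policy_scoped?` alongside the others. Also, `policy(record)` now memoizes in `policies[record]`, so a later call with any argument that is `eql?` to an earlier one reuses that policy instance; for ActiveRecord objects that is presumably same-class-and-id rather than same object, which is worth stating on `policies` with `# keyed by record: two records that are eql? share one policy instance per request`.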