Module: Pundit
- Extended by:
- ActiveSupport::Concern
- Defined in:
- lib/pundit.rb,
lib/pundit/rspec.rb,
lib/pundit/version.rb,
lib/pundit/policy_finder.rb,
lib/generators/pundit/policy/policy_generator.rb,
lib/generators/pundit/install/install_generator.rb
Defined Under Namespace
Modules: Generators, RSpec
Classes: NotAuthorizedError, NotDefinedError, PolicyFinder
Constant Summary
collapse
- VERSION =
"0.2.0"
Class Method Summary
collapse
Instance Method Summary
collapse
Class Method Details
.policy(user, record) ⇒ Object
23
24
25
26
|
# File 'lib/pundit.rb', line 23
def policy(user, record)
scope = PolicyFinder.new(record).policy
scope.new(user, record) if scope
end
|
.policy!(user, record) ⇒ Object
28
29
30
|
# File 'lib/pundit.rb', line 28
def policy!(user, record)
PolicyFinder.new(record).policy!.new(user, record)
end
|
.policy_scope(user, scope) ⇒ Object
14
15
16
17
|
# File 'lib/pundit.rb', line 14
def policy_scope(user, scope)
policy = PolicyFinder.new(scope).scope
policy.new(user, scope).resolve if policy
end
|
.policy_scope!(user, scope) ⇒ Object
19
20
21
|
# File 'lib/pundit.rb', line 19
def policy_scope!(user, scope)
PolicyFinder.new(scope).scope!.new(user, scope).resolve
end
|
Instance Method Details
#authorize(record, query = nil) ⇒ Object
44
45
46
47
48
49
50
51
|
# File 'lib/pundit.rb', line 44
def authorize(record, query=nil)
query ||= params[:action].to_s + "?"
@_policy_authorized = true
unless policy(record).public_send(query)
raise NotAuthorizedError, "not allowed to #{query} this #{record}"
end
true
end
|
#policy(record) ⇒ Object
57
58
59
|
# File 'lib/pundit.rb', line 57
def policy(record)
Pundit.policy!(current_user, record)
end
|
#policy_scope(scope) ⇒ Object
53
54
55
|
# File 'lib/pundit.rb', line 53
def policy_scope(scope)
Pundit.policy_scope!(current_user, scope)
end
|
#verify_authorized ⇒ Object
40
41
42
|
# File 'lib/pundit.rb', line 40
def verify_authorized
raise NotAuthorizedError unless @_policy_authorized
end
|