Module: ActionPolicy::Controller
- Extended by:
- ActiveSupport::Concern
- Defined in:
- lib/action_policy/rails/controller.rb
Overview
Controller concern. Add ‘authorize!` and `allowed_to?` methods, provide `verify_authorized` hook.
Instance Method Summary collapse
-
#authorize!(record = :__undef__, to: nil, **options) ⇒ Object
Authorize action against a policy.
- #authorize_count ⇒ Object
-
#implicit_authorization_target ⇒ Object
Tries to infer the resource class from controller name (i.e. ‘controller_name.classify.safe_constantize`).
- #skip_verify_authorized! ⇒ Object
- #verify_authorized ⇒ Object
Methods included from Behaviours::Namespaced
Methods included from Behaviours::Memoized
#__policies_cache__, #__policy_memoize__, prepended
Methods included from Behaviours::ThreadMemoized
#__policy_thread_memoize__, prepended
Methods included from Behaviour
#allowance_to, #allowed_to?, #authorization_context, #authorization_rule_for, included, #lookup_authorization_policy
Methods included from Behaviours::Scoping
#authorization_scope_type_for, #authorized_scope
Methods included from Behaviours::PolicyFor
#authorization_context, #authorization_namespace, #authorization_strict_namespace, #default_authorization_policy_class, #implicit_authorization_target!, #policy_for, #policy_for_cache_key
Instance Method Details
#authorize!(record = :__undef__, to: nil, **options) ⇒ Object
Authorize action against a policy.
Policy is inferred from record (unless explicitly specified through ‘with` option).
If action is not provided, it’s inferred from ‘action_name`.
If record is not provided, tries to infer the resource class from controller name (i.e. ‘controller_name.classify.safe_constantize`).
Raises ‘ActionPolicy::Unauthorized` if check failed.
48 49 50 51 52 53 54 |
# File 'lib/action_policy/rails/controller.rb', line 48 def (record = :__undef__, to: nil, **) to ||= :"#{action_name}?" super(record, to: to, **) self. += 1 end |
#authorize_count ⇒ Object
67 68 69 |
# File 'lib/action_policy/rails/controller.rb', line 67 def @authorize_count ||= 0 end |
#implicit_authorization_target ⇒ Object
Tries to infer the resource class from controller name (i.e. ‘controller_name.classify.safe_constantize`).
58 59 60 |
# File 'lib/action_policy/rails/controller.rb', line 58 def controller_name.classify.safe_constantize end |
#skip_verify_authorized! ⇒ Object
71 72 73 |
# File 'lib/action_policy/rails/controller.rb', line 71 def @verify_authorized_skipped = true end |
#verify_authorized ⇒ Object
62 63 64 65 |
# File 'lib/action_policy/rails/controller.rb', line 62 def Kernel.raise UnauthorizedAction.new(controller_path, action_name) if .zero? && ! end |