Class: Policy::Base
- Inherits: Object
- Extended by: Role
- Includes: PolicyDefaults
- Defined in: lib/pundit_roles/policy/base.rb
Overview
Base policy class to be extended by all other policies. It authorizes users based on the roles they fall into, and can be used to get the attributes or scope of roles.
Constant Summary
Constants included from PolicyDefaults
PolicyDefaults::DEFAULT_ASSOCIATED_ROLES, PolicyDefaults::RESTRICTED_CREATE_ASSOCIATIONS, PolicyDefaults::RESTRICTED_CREATE_ATTRIBUTES, PolicyDefaults::RESTRICTED_SAVE_ASSOCIATIONS, PolicyDefaults::RESTRICTED_SAVE_ATTRIBUTES, PolicyDefaults::RESTRICTED_SHOW_ASSOCIATIONS, PolicyDefaults::RESTRICTED_SHOW_ATTRIBUTES, PolicyDefaults::RESTRICTED_UPDATE_ASSOCIATIONS, PolicyDefaults::RESTRICTED_UPDATE_ATTRIBUTES
Instance Attribute Summary
- #resource ⇒ Object (readonly): the object we’re checking @permissions of.
- #user ⇒ Object (readonly): the user that initiated the action.
Attributes included from Role
#permissions, #role_associations, #scopes
Instance Method Summary
- #initialize(user, resource) ⇒ Base (constructor): A new instance of Base.
- #resolve_as_association(roles, actions) ⇒ Object
- #resolve_query(query) ⇒ Object: Retrieves the permitted roles for the current query, checks if the user is one or more of these roles and returns a hash of attributes that the user has access to.
- #resolve_scope(query) ⇒ Object: Retrieves the permitted roles for the current query and checks each role until it finds one that the user fulfills.
Methods included from Role
Methods included from PolicyDefaults
#create?, #destroy?, #index?, #show?, #update?
Constructor Details
#initialize(user, resource) ⇒ Base
Returns a new instance of Base.
# File 'lib/pundit_roles/policy/base.rb', line 17
def initialize(user, resource)
  @user = user
  @resource = resource
  # The policy instance is frozen, so user and resource cannot be reassigned later
  freeze
end
Instance Attribute Details
#resource ⇒ Object (readonly)
the object we’re checking @permissions of
# File 'lib/pundit_roles/policy/base.rb', line 12
def resource
  @resource
end
#user ⇒ Object (readonly)
the user that initiated the action
# File 'lib/pundit_roles/policy/base.rb', line 12
def user
  @user
end
Instance Method Details
#resolve_as_association(roles, actions) ⇒ Object
# File 'lib/pundit_roles/policy/base.rb', line 63
def resolve_as_association(roles, actions)
  = self.class.
  default_roles = self.class::DEFAULT_ASSOCIATED_ROLES
  associated_roles = roles.present? ? roles|default_roles : default_roles
  return unique_merge(associated_roles, , actions)
end
#resolve_query(query) ⇒ Object
Retrieves the permitted roles for the current query, checks if the user is one or more of these roles and returns a hash of attributes that the user has access to.
# File 'lib/pundit_roles/policy/base.rb', line 27
def resolve_query(query)
  permitted_roles = public_send(query)
  # A plain boolean from the query method is returned unchanged
  return permitted_roles if permitted_roles.is_a? TrueClass or permitted_roles.is_a? FalseClass

  (permitted_roles, query)
  = self.class.
  if guest?
    return (permitted_roles, )
  end

  current_roles = determine_current_roles(permitted_roles)
  return unique_merge(current_roles, )
end
#resolve_scope(query) ⇒ Object
Retrieves the permitted roles for the current query and checks each role until it finds one that the user fulfills. It returns the defined scope for that role. Scopes do not merge with other scopes.
# File 'lib/pundit_roles/policy/base.rb', line 46
def resolve_scope(query)
  permitted_roles = public_send(query)
  # A plain boolean from the query method is returned unchanged
  return permitted_roles if permitted_roles.is_a? TrueClass or permitted_roles.is_a? FalseClass

  (permitted_roles, query)
  scopes = self.class.scopes
  if guest?
    return handle_guest_scope(permitted_roles, scopes)
  end

  current_roles = determine_current_roles(permitted_roles)
  # No fulfilled role means no scope at all
  return false unless current_roles.present?

  # Only the first fulfilled role's scope is evaluated
  return instance_eval(&scopes[current_roles[0]])
end
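The two resolvers combine roles differently, which matters when reviewing a policy: resolve_query merges the attributes of every role the user fulfills, while resolve_scope applies only the scope of the first fulfilled role. The Ruby model below is an added example, not code from pundit_roles; MiniPolicy, ROLES, POSTS and BOTH are hypothetical names, and returning false from resolve_query when no role matches is an assumption.

```ruby
# Added illustration; MiniPolicy, ROLES, POSTS and BOTH are hypothetical, constructed names.
class MiniPolicy
  ROLES = {
    author: { test: ->(u) { u[:author] }, attributes: %i[id title body],
              scope: ->(u, recs) { recs.select { |r| r[:author_id] == u[:id] } } },
    moderator: { test: ->(u) { u[:moderator] }, attributes: %i[id title flags],
                 scope: ->(_u, recs) { recs } }
  }.freeze

  attr_reader :user, :resource

  def initialize(user, resource)
    @user = user
    @resource = resource
    freeze # as in Base#initialize: the policy instance is immutable
  end

  # Queries return the permitted roles in the order they are checked, or a boolean.
  def show?; %i[author moderator]; end
  def index?; %i[author moderator]; end
  def destroy?; false; end

  # Attributes of every role the user fulfills are merged without duplicates.
  def resolve_query(query)
    permitted = public_send(query)
    return permitted if [true, false].include?(permitted)
    roles = current_roles(permitted)
    return false if roles.empty? # assumption: no matching role means denied
    { attributes: roles.flat_map { |r| ROLES[r][:attributes] }.uniq }
  end

  # Only the first fulfilled role's scope is applied; scopes are never merged.
  def resolve_scope(query)
    permitted = public_send(query)
    return permitted if [true, false].include?(permitted)
    roles = current_roles(permitted)
    return false if roles.empty?
    ROLES[roles.first][:scope].call(user, resource)
  end

  private

  def current_roles(permitted)
    permitted.select { |r| ROLES[r][:test].call(user) }
  end
end

POSTS = [{ id: 1, author_id: 7 }, { id: 2, author_id: 9 }].freeze
BOTH = { id: 7, author: true, moderator: true }.freeze
```

For a user holding both roles, the attribute list is the union of both roles, but the record set is the author's narrower scope because author is checked first.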