Class: Policy::Base

Inherits:

Object

Object
Policy::Base

Extended by:: Role

Includes:: PolicyDefaults

Defined in:: lib/pundit_roles/policy/base.rb

Overview

Base policy class to be extended by all other policies, authorizes users based on roles they fall into, Can be used to get the attributes or scope of roles.

Constant Summary

Constants included from PolicyDefaults

PolicyDefaults::DEFAULT_ASSOCIATED_ROLES, PolicyDefaults::RESTRICTED_CREATE_ASSOCIATIONS, PolicyDefaults::RESTRICTED_CREATE_ATTRIBUTES, PolicyDefaults::RESTRICTED_SAVE_ASSOCIATIONS, PolicyDefaults::RESTRICTED_SAVE_ATTRIBUTES, PolicyDefaults::RESTRICTED_SHOW_ASSOCIATIONS, PolicyDefaults::RESTRICTED_SHOW_ATTRIBUTES, PolicyDefaults::RESTRICTED_UPDATE_ASSOCIATIONS, PolicyDefaults::RESTRICTED_UPDATE_ATTRIBUTES

Instance Attribute Summary collapse

#resource ⇒ Object readonly

the object we’re checking @permissions of.
#user ⇒ Object readonly

the user that initiated the action.

Attributes included from Role

#permissions, #role_associations, #scopes

Instance Method Summary collapse

#initialize(user, resource) ⇒ Base constructor

A new instance of Base.
#resolve_as_association(roles, actions) ⇒ Object
#resolve_query(query) ⇒ Object

Retrieves the permitted roles for the current query, checks if user is one or more of these roles and return a hash of attributes that the user has access to.
#resolve_scope(query) ⇒ Object

Retrieves the permitted roles for the current query and checks each role, until it finds one that that the user fulfills.

Methods included from Role

role

Methods included from PolicyDefaults

#create?, #destroy?, #index?, #show?, #update?

Constructor Details

#initialize(user, resource) ⇒ `Base`

Returns a new instance of Base.

# File 'lib/pundit_roles/policy/base.rb', line 17

def initialize(user, resource)
  @user = user
  @resource = resource
  freeze
end

Instance Attribute Details

#resource ⇒ `Object` (readonly)

the object we’re checking @permissions of

Returns:

(Object) —

the current value of resource



12
13
14

# File 'lib/pundit_roles/policy/base.rb', line 12

def resource
  @resource
end

#user ⇒ `Object` (readonly)

the user that initiated the action

Returns:

(Object) —

the current value of user



12
13
14

# File 'lib/pundit_roles/policy/base.rb', line 12

def user
  @user
end

Instance Method Details

#resolve_as_association(roles, actions) ⇒ `Object`

# File 'lib/pundit_roles/policy/base.rb', line 63

def resolve_as_association(roles, actions)
  permissions = self.class.permissions
  default_roles = self.class::DEFAULT_ASSOCIATED_ROLES
  associated_roles = roles.present? ? roles|default_roles : default_roles

  return unique_merge(associated_roles, permissions, actions)
end

#resolve_query(query) ⇒ `Object`

Retrieves the permitted roles for the current query, checks if user is one or more of these roles and return a hash of attributes that the user has access to.

Parameters:

query (Symbol, String) —

the predicate method to check on the policy (e.g. ‘:show?`)

# File 'lib/pundit_roles/policy/base.rb', line 27

def resolve_query(query)
  permitted_roles = public_send(query)
  return permitted_roles if permitted_roles.is_a? TrueClass or permitted_roles.is_a? FalseClass

  validate_permission_type(permitted_roles, query)
  permissions = self.class.permissions

  if guest?
    return handle_guest_options(permitted_roles, permissions)
  end

  current_roles = determine_current_roles(permitted_roles)
  return unique_merge(current_roles, permissions)
end

#resolve_scope(query) ⇒ `Object`

Retrieves the permitted roles for the current query and checks each role, until it finds one that that the user fulfills. It returns the defined scope for that role. Scopes do no merge with other scopes