Module: PunditOverwrite

Includes:
PunditAssociations, PunditSelectors
Included in:
Pundit
Defined in:
lib/pundit_roles/pundit.rb

Overview

Contains the overwritten `#authorize!` and `#policy_scope!` methods (pundit_roles' replacements for Pundit's `authorize` / `policy_scope`), plus the shared `#raise_not_authorized` helper they use.

Instance Method Summary

Methods included from PunditSelectors

#association_create_associations, #association_create_attributes, #association_permissions, #association_show_associations, #association_show_attributes, #association_update_associations, #association_update_attributes, #attribute_permissions, #permissions, #permitted_associations, #permitted_create_associations, #permitted_create_attributes, #permitted_show_associations, #permitted_show_attributes, #permitted_update_associations, #permitted_update_attributes, #primary_create_associations, #primary_create_attributes, #primary_show_associations, #primary_show_attributes, #primary_update_associations, #primary_update_attributes

Methods included from PunditAssociations

#authorize_associations!

Instance Method Details

#authorize!(resource, opts = {query: nil, associations: []}) ⇒ Object, Hash

A modified version of Pundit’s default authorization. Returns the permissions resolved by the policy (a hash of permitted attributes), or `resource` itself when the policy answers a bare `true`; raises an exception if the user is not authorized.

Parameters:

  • resource (Object)

    the record, or model class, being authorized; its policy is looked up with `policy(resource)`

  • opts (Hash) (defaults to: {query: nil, associations: []})

    options hash with two keys. `query`: the name of the policy query method whose result is taken as the permissions (for example `"show?"`); if omitted, it defaults to the current Rails controller action name with `?` appended. `associations`: the associations to authorize, defaults to `[]`. Note that a caller-supplied hash is mutated: `opts[:query]` is filled in when it was nil.

Returns:

  • (Object, Hash)

    Returns `resource` itself when the policy answers `true`; otherwise the permissions hash the policy resolved (also stored in `@pundit_primary_permissions`)

Raises:

  • (NotAuthorizedError)

    if the policy’s query method returned a falsy value (`false` or `nil`)



# File 'lib/pundit_roles/pundit.rb', line 19

# Pundit-roles replacement for Pundit's #authorize.
#
# Asks the resource's policy to resolve the query (by default the current
# controller action with "?" appended, e.g. "show?"), stores the resolved
# permission plus the per-action attribute lists in instance variables for the
# PunditSelectors / PunditAssociations helpers, then authorizes any requested
# associations.
#
# @param resource [Object, Class] the record, or model class, being authorized
# @param opts [Hash] :query (String, nil) policy query method name; when nil or
#   omitted it defaults to "#{params[:action]}?". :associations (Array)
#   associations to authorize, default []. Note that :query is filled in on
#   the caller's hash.
# @return [Object, Hash] +resource+ itself when the policy answers a bare
#   +true+, otherwise the permissions value the policy resolved
# @raise [Pundit::NotAuthorizedError] when the policy answers +false+/+nil+
#
# NOTE(review): the query name is handed to Policy#resolve_query, which
# presumably dispatches on it by name -- pass only literal query names or the
# controller action, never request input.
def authorize!(resource, opts = {query: nil, associations: []})
  opts[:query] ||= "#{params[:action]}?"

  # Flag presumably read by Pundit's verify_authorized after-action check.
  @_pundit_policy_authorized = true

  model = resource.is_a?(Class) ? resource : resource.class
  @pundit_current_options = {primary_resource: model, current_query: opts[:query]}

  permission = policy(resource).resolve_query(opts[:query])
  # Falsy means "denied". raise_not_authorized reads @pundit_current_options,
  # so it must already be populated at this point.
  raise_not_authorized(resource) unless permission

  # A bare +true+ grants the whole resource without attribute filtering.
  return resource if permission.is_a?(TrueClass)

  @pundit_primary_permissions = permission

  # Seed the per-action state the selector helpers consult; the primary
  # resource is keyed by its underscored class name.
  resource_key = model.name.underscore.to_sym
  @pundit_attribute_lists = {
    show: {resource_key => primary_show_attributes},
    create: Array(primary_create_attributes),
    update: Array(primary_update_attributes)
  }
  @pundit_permission_table = {}
  @pundit_permitted_associations = {show: [], create: [], update: []}

  authorize_associations!(opts) if opts[:associations].present?

  @pundit_primary_permissions
end

#policy_scope!(resource, opts = {query: nil, associations: []}) ⇒ Object, ActiveRecord::Association

Returns the permitted scope or raises exception

Parameters:

  • resource (Object)

    the record, or model class, whose scope is being resolved; its policy is looked up with `policy(resource)`

  • opts (Hash) (defaults to: {query: nil, associations: []})

    options hash with two keys. `query`: the name of the policy scope method whose result is taken as the permitted scope; if omitted, it defaults to the current Rails controller action name with `?` appended. `associations`: associations to scope, defaults to `[]`. Note that the implementation shown below accepts `associations` but never reads it, and that a caller-supplied hash is mutated: `opts[:query]` is filled in when it was nil.

Returns:

  • (Object, ActiveRecord::Association)

    Returns the scope resolved by the policy, or `resource` itself (unscoped) when the policy answers a bare `true`

Raises:

  • (NotAuthorizedError)

    if the policy’s scope method returned a falsy value (`false` or `nil`)



# File 'lib/pundit_roles/pundit.rb', line 67

# Pundit-roles replacement for Pundit's #policy_scope.
#
# Asks the resource's policy to resolve a scope for the query (by default the
# current controller action with "?" appended) and returns it.
#
# @param resource [Object, Class] the record, or model class, being scoped
# @param opts [Hash] :query (String, nil) policy scope method name; when nil or
#   omitted it defaults to "#{params[:action]}?" and is written back into the
#   caller's hash. :associations is accepted for symmetry with #authorize!
#   but is not read here.
# @return [Object, ActiveRecord::Association] the scope the policy resolved,
#   or +resource+ itself (unscoped) when the policy answers a bare +true+
# @raise [Pundit::NotAuthorizedError] when the policy answers +false+/+nil+
#
# NOTE(review): as with #authorize!, the query name should come from the
# controller action or a literal in the caller, not from request input.
def policy_scope!(resource, opts = {query: nil, associations: []})
  opts[:query] ||= "#{params[:action]}?"

  # Flag presumably read by Pundit's verify_policy_scoped after-action check.
  @_pundit_policy_scoped = true

  model = resource.is_a?(Class) ? resource : resource.class
  @pundit_current_options = {primary_resource: model, current_query: opts[:query]}

  scope = policy(resource).resolve_scope(opts[:query])
  # raise_not_authorized reads @pundit_current_options, set just above.
  raise_not_authorized(resource) unless scope

  # A bare +true+ hands back the resource with no scoping applied at all.
  scope.is_a?(TrueClass) ? resource : scope
end

#raise_not_authorized(record) ⇒ Object

Raises:

  • (Pundit::NotAuthorizedError)


# File 'lib/pundit_roles/pundit.rb', line 91

# Raise Pundit's authorization error for +record+, tagged with the query that
# the preceding #authorize! / #policy_scope! call recorded in
# @pundit_current_options so handlers can report which permission was denied.
#
# @param record [Object] the resource that was refused
# @raise [Pundit::NotAuthorizedError] always
# NOTE(review): expects @pundit_current_options to be populated; called on its
# own it would fail with NoMethodError on nil rather than raise the Pundit error.
def raise_not_authorized(record)
  denied_query = @pundit_current_options[:current_query]
  raise Pundit::NotAuthorizedError, query: denied_query, record: record
end