Class: RailsAdmin::Extensions::Pundit::AuthorizationAdapter
Inherits: Object
- Object
- RailsAdmin::Extensions::Pundit::AuthorizationAdapter
Defined in: lib/rails_admin/extensions/pundit/authorization_adapter.rb
Overview
This adapter is for the Pundit authorization library. You can create another adapter for different authorization behavior; just be certain it responds to each of the public methods here.
Class Method Summary
- .setup ⇒ Object
  This method is called only the first time and is used for setup.
Instance Method Summary
- #attributes_for(action, abstract_model) ⇒ Object
  This is called in the new/create actions to determine the initial attributes for new records.
- #authorize(action, abstract_model = nil, model_object = nil) ⇒ Object
  This method is called in every controller action and should raise an exception when the authorization fails.
- #authorized?(action, abstract_model = nil, model_object = nil) ⇒ Boolean
  This method is called primarily from the view to determine whether the given user has access to perform the action on a given model.
- #initialize(controller) ⇒ AuthorizationAdapter (constructor)
  See the authorize_with config method for where the initialization happens.
- #query(_action, abstract_model) ⇒ Object
  This is called when needing to scope a database query.
Constructor Details
#initialize(controller) ⇒ AuthorizationAdapter
See the authorize_with config method for where the initialization happens.

    # File 'lib/rails_admin/extensions/pundit/authorization_adapter.rb', line 16
    def initialize(controller)
      @controller = controller
    end
Class Method Details
.setup ⇒ Object
This method is called only the first time and is used for setup.

    # File 'lib/rails_admin/extensions/pundit/authorization_adapter.rb', line 11
    def self.setup
      RailsAdmin::Extensions::ControllerExtension.include defined?(::Pundit::Authorization) ? ::Pundit::Authorization : ::Pundit
    end
Instance Method Details
#attributes_for(action, abstract_model) ⇒ Object
This is called in the new/create actions to determine the initial attributes for new records. It should return a hash of attributes which match what the user is authorized to create.

    # File 'lib/rails_admin/extensions/pundit/authorization_adapter.rb', line 53
    def attributes_for(action, abstract_model)
      record = abstract_model&.model
      policy(record).try(:attributes_for, action) || {}
    end
#authorize(action, abstract_model = nil, model_object = nil) ⇒ Object
This method is called in every controller action and should raise an exception when the authorization fails. The first argument is the name of the controller action as a symbol (:create, :bulk_delete, etc.). The second argument is the AbstractModel instance that applies. The third argument is the actual model instance if it is available.

    # File 'lib/rails_admin/extensions/pundit/authorization_adapter.rb', line 25
    def authorize(action, abstract_model = nil, model_object = nil)
      record = model_object || abstract_model&.model
      raise ::Pundit::NotAuthorizedError.new("not allowed to #{action} this #{record}") if action && !policy(record).send(action_for_pundit(action))

      @controller.instance_variable_set(:@_pundit_policy_authorized, true)
    end
#authorized?(action, abstract_model = nil, model_object = nil) ⇒ Boolean
This method is called primarily from the view to determine whether the given user has access to perform the action on a given model. It should return true when authorized. This takes the same arguments as authorize. The difference is that this will return a boolean whereas authorize will raise an exception when not authorized.

    # File 'lib/rails_admin/extensions/pundit/authorization_adapter.rb', line 36
    def authorized?(action, abstract_model = nil, model_object = nil)
      record = model_object || abstract_model&.model
      policy(record).send(action_for_pundit(action)) if action
    end
#query(_action, abstract_model) ⇒ Object
This is called when needing to scope a database query. It is called within the list and bulk_delete/destroy actions and should return a scope which limits the records to those which the user can perform the given action on.

    # File 'lib/rails_admin/extensions/pundit/authorization_adapter.rb', line 44
    def query(_action, abstract_model)
      @controller.send(:policy_scope, abstract_model.model.all)
    rescue ::Pundit::NotDefinedError
      abstract_model.model.all
    end
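
The rescue branch in #query means that a model with no policy scope defined is listed unscoped. The following added example (not RailsAdmin or Pundit code) reproduces that control flow with constructed stand-ins and adds an audit helper that reports which models rely on the fallback. `NotDefinedError`, `Article`, `Invoice`, `RECORDS`, `scope_class_for`, `policy_scope`, `query_like_adapter` and `models_without_scope` are all hypothetical names chosen for the illustration.

```ruby
# Added example: constructed stand-ins, no Rails, RailsAdmin or Pundit required.
class NotDefinedError < StandardError; end # stands in for ::Pundit::NotDefinedError
Article = Struct.new(:id, :owner_id)
Invoice = Struct.new(:id, :owner_id)
RECORDS = { # constructed sample data, plays the role of model.all
  Article => [Article.new(1, 7), Article.new(2, 8)],
  Invoice => [Invoice.new(1, 7), Invoice.new(2, 8)]
}.freeze
# Policy with a Scope: a user only lists their own articles.
class ArticlePolicy
  class Scope
    def initialize(user_id, records)
      @user_id = user_id
      @records = records
    end
    def resolve
      @records.select { |r| r.owner_id == @user_id }
    end
  end
end

# Policy without a Scope class: the case the adapter's rescue branch handles.
class InvoicePolicy; end

# Hypothetical lookup by naming convention; returns nil when no Scope exists.
def scope_class_for(model)
  name = "#{model.name}Policy"
  return nil unless Object.const_defined?(name)
  policy = Object.const_get(name)
  policy.const_defined?(:Scope, false) ? policy.const_get(:Scope) : nil
end

# Stand-in for the controller's policy_scope helper.
def policy_scope(user_id, model)
  scope = scope_class_for(model) or raise NotDefinedError, "no scope for #{model.name}"
  scope.new(user_id, RECORDS.fetch(model)).resolve
end

# Same control flow as the adapter's #query: unscoped fallback on NotDefinedError.
def query_like_adapter(user_id, model)
  policy_scope(user_id, model)
rescue NotDefinedError
  RECORDS.fetch(model)
end

# Audit helper: models whose list view would fall back to every record.
def models_without_scope(models)
  models.reject { |model| scope_class_for(model) }
end
```

In an application, the same audit can run as a test over the models exposed in RailsAdmin, failing the build when any of them has no Scope.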