Class: Wallaby::CancancanAuthorizationProvider

Inherits:
ModelAuthorizationProvider
Defined in:
lib/authorizers/wallaby/cancancan_authorization_provider.rb

Overview

Note:

This authorization provider DOES NOT use the existing current_ability helper. It has its own version of the #ability instance.

CanCanCan base authorization provider.

Instance Attribute Summary

Attributes inherited from ModelAuthorizationProvider

#options

Class Method Summary

Instance Method Summary

Methods inherited from ModelAuthorizationProvider

#initialize, #unauthorized?, #user

Constructor Details

This class inherits a constructor from Wallaby::ModelAuthorizationProvider

Instance Attribute Details

#ability ⇒ Ability

Returns the Ability instance for #user or from the #options.

Returns:

  • (Ability)

# File 'lib/authorizers/wallaby/cancancan_authorization_provider.rb', line 32

def ability
  # NOTE: use current_ability's class to create the ability instance.
  # just in case that developer uses a different Ability class (e.g. UserAbility)
  @ability ||= options[:ability] || Ability.new(user)
end

Class Method Details

.available?(context) ⇒ true, false

Detect whether CanCanCan is in use.

Parameters:

  • context (ActionController::Base, ActionView::Base)

Returns:

  • (true)

    if CanCanCan is in use

  • (false)

    otherwise.



# File 'lib/authorizers/wallaby/cancancan_authorization_provider.rb', line 13

def self.available?(context)
  defined?(CanCanCan) && context.respond_to?(:current_ability)
end

.options_from(context) ⇒ Hash

Get the information from the context for ModelAuthorizationProvider#initialize.

Parameters:

  • context (ActionController::Base, ActionView::Base)

Returns:

  • (Hash)

    options



# File 'lib/authorizers/wallaby/cancancan_authorization_provider.rb', line 20

def self.options_from(context)
  {
    ability: context.try(:current_ability),
    user: context.try(:wallaby_user)
  }
end

Instance Method Details

#accessible_for(action, scope) ⇒ Object

Restrict the user's access to a certain scope/query.

Parameters:

  • action (Symbol, String)
  • scope (Object)

Returns:

  • (Object)


# File 'lib/authorizers/wallaby/cancancan_authorization_provider.rb', line 66

def accessible_for(action, scope)
  scope.try(:accessible_by, ability, action) || scope
end
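
The fallback in #accessible_for, as an added example that is not part of Wallaby's code: when the scope does not respond to accessible_by, the original scope comes back unfiltered. StubAbility, FilterableScope, strict_accessible_for and the sample records are hypothetical stand-ins, and respond_to? replaces ActiveSupport's try.

```ruby
# Added example: plain-Ruby stand-ins, no cancancan, Rails or Wallaby needed.
# StubAbility, FilterableScope and strict_accessible_for are hypothetical names.

# Minimal ability: a record is listable only by its owner.
class StubAbility
  def initialize(user_id)
    @user_id = user_id
  end

  def can?(action, record)
    action.to_sym == :index && record[:owner_id] == @user_id
  end
end

# A scope that responds to accessible_by, as CanCanCan-enabled models do.
class FilterableScope
  def initialize(records)
    @records = records
  end

  def accessible_by(ability, action)
    @records.select { |record| ability.can?(action, record) }
  end
end

# Same logic as the documented #accessible_for; respond_to? stands in for
# ActiveSupport's try so the block runs on plain Ruby.
def accessible_for(ability, action, scope)
  (scope.respond_to?(:accessible_by) && scope.accessible_by(ability, action)) || scope
end

# Stricter variant (an assumption, not Wallaby behaviour): refuse a scope
# that cannot be filtered instead of returning it unrestricted.
def strict_accessible_for(ability, action, scope)
  unless scope.respond_to?(:accessible_by)
    raise ArgumentError, 'scope does not support accessible_by'
  end

  scope.accessible_by(ability, action)
end

# Constructed sample data: two records with different owners.
RECORDS = [{ id: 1, owner_id: 7 }, { id: 2, owner_id: 9 }].freeze
```

With the plain Array, accessible_for returns both records even though the ability allows only one, so row-level restriction holds only for scopes that implement accessible_by.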

#attributes_for(action, subject) ⇒ Object

Restrict the user to assigning certain values.

Parameters:

  • action (Symbol, String)
  • subject (Object)

Returns:

  • nil



# File 'lib/authorizers/wallaby/cancancan_authorization_provider.rb', line 75

delegate :attributes_for, to: :ability

#authorize(action, subject) ⇒ Object

Check the user’s permission for an action on the given subject.

This method is mostly used in controllers.

Parameters:

  • action (Symbol, String)
  • subject (Object, Class)

Raises:

  • (Forbidden)

    when user is not authorized to perform the action.



# File 'lib/authorizers/wallaby/cancancan_authorization_provider.rb', line 44

def authorize(action, subject)
  ability.authorize! action, subject
rescue ::CanCan::AccessDenied
  Logger.error <<~MESSAGE
    #{Utils.inspect user} is forbidden to perform #{action} on #{Utils.inspect subject}
  MESSAGE
  raise Forbidden
end

#authorized?(action, subject) ⇒ true, false

Check whether the user is allowed to perform an action on the given subject.

Parameters:

  • action (Symbol, String)
  • subject (Object, Class)

Returns:

  • (true)

    if user is allowed to perform the action

  • (false)

    otherwise



# File 'lib/authorizers/wallaby/cancancan_authorization_provider.rb', line 58

def authorized?(action, subject)
  ability.can? action, subject
end

#permit_params(action, subject) ⇒ nil

Simply return nil as CanCanCan doesn’t provide such a feature.

Parameters:

  • action (Symbol, String)
  • subject (Object)

Returns:

  • (nil)


# File 'lib/authorizers/wallaby/cancancan_authorization_provider.rb', line 81

def permit_params(action, subject)
  # Do nothing
end