Class: Wallaby::PunditAuthorizationProvider

Inherits:
ModelAuthorizationProvider
Defined in:
lib/authorizers/wallaby/pundit_authorization_provider.rb

Overview

Pundit base authorization provider.

Instance Attribute Summary

Attributes inherited from ModelAuthorizationProvider

#options

Class Method Summary

Instance Method Summary

Methods inherited from ModelAuthorizationProvider

#initialize, #unauthorized?, #user

Constructor Details

This class inherits a constructor from Wallaby::ModelAuthorizationProvider

Class Method Details

.available?(context) ⇒ true, false

Detect whether Pundit is in use for the given context.

Parameters:

  • context (ActionController::Base, ActionView::Base)

Returns:

  • (true)

    if Pundit is in use

  • (false)

    otherwise



# File 'lib/authorizers/wallaby/pundit_authorization_provider.rb', line 10

def self.available?(context)
  defined?(Pundit) && context.respond_to?(:pundit_user)
end

.options_from(context) ⇒ Hash

Extract the options that ModelAuthorizationProvider#initialize needs from the context.

Parameters:

  • context (ActionController::Base, ActionView::Base)

Returns:

  • (Hash)

    options



# File 'lib/authorizers/wallaby/pundit_authorization_provider.rb', line 17

def self.options_from(context)
  {
    user: context.try(:pundit_user) || context.try(:wallaby_user)
  }
end

Instance Method Details

#accessible_for(_action, scope) ⇒ Object

Restrict the given scope/query to the records the user is allowed to access, by applying the Pundit policy scope.

Parameters:

  • _action (Symbol, String)
  • scope (Object)

Returns:

  • (Object)


# File 'lib/authorizers/wallaby/pundit_authorization_provider.rb', line 52

def accessible_for(_action, scope)
  Pundit.policy_scope!(user, scope)
end

#attributes_for(action, subject) ⇒ Hash

Restrict the values the user is allowed to assign.

It looks up the policy's methods and picks the first one available:

  • `attributes_for_#{action}`

  • `attributes_for`

Parameters:

  • action (Symbol, String)
  • subject (Object)

Returns:

  • (Hash)

hash of field/value pairs that the user is allowed to assign



# File 'lib/authorizers/wallaby/pundit_authorization_provider.rb', line 65

def attributes_for(action, subject)
  policy = Pundit.policy!(user, subject)
  policy.try("attributes_for_#{action}") || policy.try('attributes_for') || {}
end

#authorize(action, subject) ⇒ Object

Check the user's permission to perform an action on the given subject.

This method is mostly used in controllers.

Parameters:

  • action (Symbol, String)
  • subject (Object, Class)

Raises:

  • (Forbidden)

when the user is not authorized to perform the action.



# File 'lib/authorizers/wallaby/pundit_authorization_provider.rb', line 29

def authorize(action, subject)
  Pundit.authorize(user, subject, normalize(action)) && subject
rescue ::Pundit::NotAuthorizedError
  Logger.error <<~MESSAGE
    #{Utils.inspect user} is forbidden to perform #{action} on #{Utils.inspect subject}
  MESSAGE
  raise Forbidden
end

#authorized?(action, subject) ⇒ true, false

Check whether the user is allowed to perform an action on the given subject.

Parameters:

  • action (Symbol, String)
  • subject (Object, Class)

Returns:

  • (true)

if the user is allowed to perform the action

  • (false)

    otherwise



# File 'lib/authorizers/wallaby/pundit_authorization_provider.rb', line 43

def authorized?(action, subject)
  policy = Pundit.policy!(user, subject)
  policy.try normalize(action)
end

#permit_params(action, subject) ⇒ Array

Restrict the fields the user may mass-assign.

It looks up the policy's methods and picks the first one available:

  • `permitted_attributes_for_#{action}`

  • `permitted_attributes`

Parameters:

  • action (Symbol, String)
  • subject (Object)

Returns:

  • (Array)

list of fields that the user is allowed to change.



# File 'lib/authorizers/wallaby/pundit_authorization_provider.rb', line 79

def permit_params(action, subject)
  policy = Pundit.policy!(user, subject)
  # @see https://github.com/varvet/pundit/blob/master/lib/pundit.rb#L258
  policy.try("permitted_attributes_for_#{action}") || policy.try('permitted_attributes')
end
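The policy-side methods that #attributes_for and #permit_params look up, shown as an added example that is not part of the Wallaby gem or its documentation. It assumes a constructed Post record and a PostPolicy, and uses small stand-ins for Pundit.policy! and ActiveSupport's #try so it runs without either gem; the lookup chains mirror the two provider methods above.

```ruby
# Added example, not part of the Wallaby gem: a Pundit-style policy shaped for
# PunditAuthorizationProvider#attributes_for and #permit_params, with stand-ins
# for Pundit.policy! and ActiveSupport's #try so it runs without either gem.
Post = Struct.new(:id, :author_id, :published) # constructed record type

# Pundit instantiates policies with (user, record); Struct gives us that.
PostPolicy = Struct.new(:user, :record) do
  # #attributes_for(:create, Post) picks this over attributes_for.
  def attributes_for_create
    { author_id: user[:id] }
  end

  # #permit_params(:update, post) picks this; any other action falls back
  # to permitted_attributes, so keep that default list minimal.
  def permitted_attributes_for_update
    user[:admin] ? %i[title body published] : %i[title body]
  end

  def permitted_attributes
    %i[title body]
  end
end

# Stand-in for Pundit.policy!: "<Class>Policy" looked up by the subject's class.
def policy_for(user, subject)
  klass = subject.is_a?(Class) ? subject : subject.class
  Object.const_get("#{klass}Policy").new(user, subject)
end

# First policy method that exists, like policy.try(a) || policy.try(b).
def first_available(policy, *names)
  name = names.find { |n| policy.respond_to?(n) }
  name && policy.public_send(name)
end

# Same fallback chains as the provider's two methods.
def permit_params(user, action, subject)
  first_available(policy_for(user, subject),
                  "permitted_attributes_for_#{action}", 'permitted_attributes')
end

def attributes_for(user, action, subject)
  first_available(policy_for(user, subject),
                  "attributes_for_#{action}", 'attributes_for') || {}
end
```

Because permit_params returns nil when a policy defines neither method, a policy used with this provider should always define at least permitted_attributes.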