Class: RailsAdmin::Extensions::Pundit::AuthorizationAdapter
- Inherits: Object
  - Object
    - RailsAdmin::Extensions::Pundit::AuthorizationAdapter
- Defined in: lib/rails_admin/extensions/pundit/authorization_adapter.rb
Overview
This adapter is for the Pundit (https://github.com/elabs/pundit) authorization library. You can create another adapter for different authorization behavior; just be certain it responds to each of the public methods here.
Class Method Summary
- .setup ⇒ Object
  This method is called only the first time and is used for setup.
Instance Method Summary
- #attributes_for(action, abstract_model) ⇒ Object
  This is called in the new/create actions to determine the initial attributes for new records.
- #authorize(action, abstract_model = nil, model_object = nil) ⇒ Object
  This method is called in every controller action and should raise an exception when the authorization fails.
- #authorized?(action, abstract_model = nil, model_object = nil) ⇒ Boolean
  This method is called primarily from the view to determine whether the given user has access to perform the action on a given model.
- #initialize(controller) ⇒ AuthorizationAdapter (constructor)
  See the +authorize_with+ config method for where the initialization happens.
- #query(_action, abstract_model) ⇒ Object
  This is called when needing to scope a database query.
Constructor Details
#initialize(controller) ⇒ AuthorizationAdapter
See the +authorize_with+ config method for where the initialization happens.
    # File 'lib/rails_admin/extensions/pundit/authorization_adapter.rb', line 16
    def initialize(controller)
      @controller = controller
    end
Class Method Details
.setup ⇒ Object
This method is called only the first time and is used for setup.
    # File 'lib/rails_admin/extensions/pundit/authorization_adapter.rb', line 11
    def self.setup
      # Mix Pundit's helpers into the RailsAdmin controller extension, using
      # ::Pundit::Authorization when it is defined and ::Pundit otherwise.
      RailsAdmin::Extensions::ControllerExtension.include defined?(::Pundit::Authorization) ? ::Pundit::Authorization : ::Pundit
    end
Instance Method Details
#attributes_for(action, abstract_model) ⇒ Object
This is called in the new/create actions to determine the initial attributes for new records. It should return a hash of attributes which match what the user is authorized to create.
    # File 'lib/rails_admin/extensions/pundit/authorization_adapter.rb', line 53
    def attributes_for(action, abstract_model)
      record = abstract_model&.model
      # Use the policy's attributes_for if it has one; otherwise no defaults.
      policy(record).try(:attributes_for, action) || {}
    end
#authorize(action, abstract_model = nil, model_object = nil) ⇒ Object
This method is called in every controller action and should raise an exception when the authorization fails. The first argument is the name of the controller action as a symbol (:create, :bulk_delete, etc.). The second argument is the AbstractModel instance that applies. The third argument is the actual model instance if it is available.
    # File 'lib/rails_admin/extensions/pundit/authorization_adapter.rb', line 25
    def authorize(action, abstract_model = nil, model_object = nil)
      # Prefer the concrete record; fall back to the model class.
      record = model_object || abstract_model&.model
      # The check only runs when an action is given.
      raise ::Pundit::NotAuthorizedError.new("not allowed to #{action} this #{record}") if action && !policy(record).send(action_for_pundit(action))

      # Flag the controller as having performed a Pundit authorization check.
      @controller.instance_variable_set(:@_pundit_policy_authorized, true)
    end
#authorized?(action, abstract_model = nil, model_object = nil) ⇒ Boolean
This method is called primarily from the view to determine whether the given user has access to perform the action on a given model. It should return true when authorized. This takes the same arguments as +authorize+. The difference is that this will return a boolean whereas +authorize+ will raise an exception when not authorized.
    # File 'lib/rails_admin/extensions/pundit/authorization_adapter.rb', line 36
    def authorized?(action, abstract_model = nil, model_object = nil)
      record = model_object || abstract_model&.model
      # Returns nil (falsy) when no action is given.
      policy(record).send(action_for_pundit(action)) if action
    end
#query(_action, abstract_model) ⇒ Object
This is called when needing to scope a database query. It is called within the list and bulk_delete/destroy actions and should return a scope which limits the records to those which the user can perform the given action on.
    # File 'lib/rails_admin/extensions/pundit/authorization_adapter.rb', line 44
    def query(_action, abstract_model)
      @controller.send(:policy_scope, abstract_model.model.all)
    rescue ::Pundit::NotDefinedError
      # No policy scope is defined for this model: the unscoped relation is returned.
      abstract_model.model.all
    end
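The overview notes that another adapter only has to respond to the same public methods. The following added example (not RailsAdmin's or Pundit's code) is a stand-alone deny-by-default adapter with that interface: unlike the methods shown above, it refuses a nil action and returns no rows for a model that has no rule instead of falling back to model.all. The Struct stand-ins, the RULES table and the NotAuthorized class are hypothetical and constructed for illustration.

```ruby
# Hypothetical stand-ins for the controller, AbstractModel and a model class.
User          = Struct.new(:id, :role)
Controller    = Struct.new(:current_user)
AbstractModel = Struct.new(:model)
Post = Struct.new(:id, :owner_id) do
  def self.all; [new(1, 10), new(2, 20)]; end # constructed sample rows
end

class NotAuthorized < StandardError; end

class DenyByDefaultAdapter
  # Constructed rule table: role => model name => allowed actions.
  RULES = {
    admin:  { 'Post' => %i[index show new create edit destroy] },
    editor: { 'Post' => %i[index show new create edit] },
  }.freeze

  def self.setup; end # called once; this sketch has nothing to mix in

  def initialize(controller)
    @user = controller.current_user
  end

  # Raises on any action that is not explicitly allowed, including nil.
  def authorize(action, abstract_model = nil, model_object = nil)
    return true if authorized?(action, abstract_model, model_object)
    raise NotAuthorized, "not allowed to #{action.inspect}"
  end

  # Always a strict boolean; unknown role, model or action means false.
  def authorized?(action, abstract_model = nil, model_object = nil)
    klass = model_object&.class || abstract_model&.model
    return false unless action && klass && @user

    allowed = RULES.dig(@user.role, klass.name).to_a.include?(action.to_sym)
    owned = model_object.nil? || @user.role == :admin || model_object.owner_id == @user.id
    allowed && owned
  end

  # Scope for list and bulk actions; a model with no rule yields no rows.
  def query(action, abstract_model)
    abstract_model.model.all.select { |r| authorized?(action, abstract_model, r) }
  end

  # Initial attributes for new records, limited to what the user may create.
  def attributes_for(action, abstract_model)
    authorized?(action, abstract_model) ? { owner_id: @user.id } : {}
  end
end
```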