Module: Pundit
- Extended by: ActiveSupport::Concern
- Defined in:
  lib/pundit.rb,
  lib/pundit/rspec.rb,
  lib/pundit/version.rb,
  lib/pundit/policy_finder.rb,
  lib/generators/pundit/policy/policy_generator.rb,
  lib/generators/pundit/install/install_generator.rb
Defined Under Namespace
Modules: RSpec
Classes: AuthorizationNotPerformedError, NotAuthorizedError, NotDefinedError, PolicyFinder, PolicyScopingNotPerformedError
Constant Summary
- SUFFIX = "Policy"
- VERSION = "1.1.0"
Class Method Summary
- .authorize(user, record, query) ⇒ true
  Retrieves the policy for the given record, initializing it with the record and user and finally throwing an error if the user is not authorized to perform the given action.
- .policy(user, record) ⇒ Object?
  Retrieves the policy for the given record.
- .policy!(user, record) ⇒ Object
  Retrieves the policy for the given record.
- .policy_scope(user, scope) ⇒ Scope{#resolve}?
  Retrieves the policy scope for the given record.
- .policy_scope!(user, scope) ⇒ Scope{#resolve}
  Retrieves the policy scope for the given record.
Instance Method Summary
- #authorize(record, query = nil) ⇒ true
  Retrieves the policy for the given record, initializing it with the record and current user and finally throwing an error if the user is not authorized to perform the given action.
- #permitted_attributes(record, action = params[:action]) ⇒ Hash{String => Object}
  Retrieves a set of permitted attributes from the policy by instantiating the policy class for the given record and calling permitted_attributes on it, or permitted_attributes_for_{action} if it is defined.
- #policy(record) ⇒ Object?
  Retrieves the policy for the given record.
- #policy_scope(scope) ⇒ Scope{#resolve}?
  Retrieves the policy scope for the given record.
- #pundit_policy_authorized? ⇒ Boolean
  Whether authorization has been performed, i.e. whether #authorize or #skip_authorization has been called.
- #pundit_policy_scoped? ⇒ Boolean
  Whether policy scoping has been performed, i.e. whether #policy_scope or #skip_policy_scope has been called.
- #pundit_user ⇒ Object
  Hook method which allows customizing which user is passed to policies and scopes initialized by #authorize, #policy and #policy_scope.
- #skip_authorization
  Allow this action not to perform authorization.
- #skip_policy_scope
  Allow this action not to perform policy scoping.
- #verify_authorized
  Raises an error if authorization has not been performed, usually used as an after_action filter to prevent programmer error in forgetting to call #authorize or #skip_authorization.
- #verify_policy_scoped
  Raises an error if policy scoping has not been performed, usually used as an after_action filter to prevent programmer error in forgetting to call #policy_scope or #skip_policy_scope in index actions.
Class Method Details
.authorize(user, record, query) ⇒ true
Retrieves the policy for the given record, initializing it with the record and user and finally throwing an error if the user is not authorized to perform the given action.
# File 'lib/pundit.rb', line 61
def authorize(user, record, query)
  # policy! raises NotDefinedError when no policy class exists for the record.
  policy = policy!(user, record)

  # Any falsy result from the query method denies the action.
  unless policy.public_send(query)
    raise NotAuthorizedError, query: query, record: record, policy: policy
  end

  true
end
.policy(user, record) ⇒ Object?
Retrieves the policy for the given record.
# File 'lib/pundit.rb', line 99
def policy(user, record)
  policy = PolicyFinder.new(record).policy
  policy.new(user, record) if policy
end
.policy!(user, record) ⇒ Object
Retrieves the policy for the given record.
# File 'lib/pundit.rb', line 111
def policy!(user, record)
  PolicyFinder.new(record).policy!.new(user, record)
end
.policy_scope(user, scope) ⇒ Scope{#resolve}?
Retrieves the policy scope for the given record.
# File 'lib/pundit.rb', line 77
def policy_scope(user, scope)
  policy_scope = PolicyFinder.new(scope).scope
  policy_scope.new(user, scope).resolve if policy_scope
end
.policy_scope!(user, scope) ⇒ Scope{#resolve}
Retrieves the policy scope for the given record.
# File 'lib/pundit.rb', line 89
def policy_scope!(user, scope)
  PolicyFinder.new(scope).scope!.new(user, scope).resolve
end
Instance Method Details
#authorize(record, query = nil) ⇒ true
Retrieves the policy for the given record, initializing it with the record and current user and finally throwing an error if the user is not authorized to perform the given action.
# File 'lib/pundit.rb', line 189
def authorize(record, query = nil)
  # Without an explicit query, the current action name plus "?" is used, e.g. "update?".
  query ||= params[:action].to_s + "?"

  # Mark authorization as performed so verify_authorized does not raise.
  @_pundit_policy_authorized = true

  policy = policy(record)

  unless policy.public_send(query)
    raise NotAuthorizedError, query: query, record: record, policy: policy
  end

  true
end
#permitted_attributes(record, action = params[:action]) ⇒ Hash{String => Object}
Retrieves a set of permitted attributes from the policy by instantiating the policy class for the given record and calling permitted_attributes on it, or permitted_attributes_for_{action} if it is defined. It then infers what key the record should have in the params hash and retrieves the permitted attributes from the params hash under that key.
# File 'lib/pundit.rb', line 247
def permitted_attributes(record, action = params[:action])
  param_key = PolicyFinder.new(record).param_key
  policy = policy(record)
  method_name = if policy.respond_to?("permitted_attributes_for_#{action}")
    "permitted_attributes_for_#{action}"
  else
    "permitted_attributes"
  end
  params.require(param_key).permit(policy.public_send(method_name))
end
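An added example, not Pundit's own code, of the conventions the .authorize, .policy_scope and #permitted_attributes entries above rely on: a PostPolicy with query methods, a nested Scope, and a per-action permitted_attributes_for_update, exercised by small stand-ins for Pundit.authorize and Pundit.policy_scope so it runs without Rails or the gem. User, Post, their fields and the access rules are hypothetical.

```ruby
# Added example, not Pundit's own code; User, Post and the rules are hypothetical.
class NotAuthorizedError < StandardError; end
User = Struct.new(:id, :admin)
Post = Struct.new(:id, :author_id, :published)

# Found by naming convention: the record's class name plus the "Policy" suffix.
class PostPolicy
  attr_reader :user, :record
  def initialize(user, record)
    @user, @record = user, record
  end

  # Query methods end in "?" and return a boolean; a query the policy does not
  # define raises NoMethodError instead of silently allowing the action.
  def show?
    record.published || update?
  end

  def update?
    user.admin || record.author_id == user.id
  end

  # Chosen over permitted_attributes for "update": only admins may mass-assign the publish flag.
  def permitted_attributes_for_update
    user.admin ? [:title, :body, :published] : [:title, :body]
  end

  # Scope#resolve narrows a collection to the records the user may list.
  class Scope
    def initialize(user, scope)
      @user, @scope = user, scope
    end

    def resolve
      return @scope if @user.admin
      @scope.select { |post| post.published || post.author_id == @user.id }
    end
  end
end

# Stand-in for Pundit.authorize: find the policy by convention, call the query, fail closed on falsy.
def authorize(user, record, query)
  policy = Object.const_get("#{record.class}Policy").new(user, record)
  raise NotAuthorizedError, "not allowed to #{query} this #{record.class}" unless policy.public_send(query)
  true
end
# Stand-in for Pundit.policy_scope over a plain Array of posts.
def policy_scope(user, posts)
  PostPolicy::Scope.new(user, posts).resolve
end
```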
#policy(record) ⇒ Object?
Retrieves the policy for the given record.
# File 'lib/pundit.rb', line 234
def policy(record)
  policies[record] ||= Pundit.policy!(pundit_user, record)
end
#policy_scope(scope) ⇒ Scope{#resolve}?
Retrieves the policy scope for the given record.
# File 'lib/pundit.rb', line 224
def policy_scope(scope)
  @_pundit_policy_scoped = true
  pundit_policy_scope(scope)
end
#pundit_policy_authorized? ⇒ Boolean
Returns whether authorization has been performed, i.e. whether #authorize or #skip_authorization has been called.
# File 'lib/pundit.rb', line 149
def pundit_policy_authorized?
  !!@_pundit_policy_authorized
end
#pundit_policy_scoped? ⇒ Boolean
Returns whether policy scoping has been performed, i.e. whether #policy_scope or #skip_policy_scope has been called.
# File 'lib/pundit.rb', line 155
def pundit_policy_scoped?
  !!@_pundit_policy_scoped
end
#pundit_user ⇒ Object
Hook method which allows customizing which user is passed to policies and scopes initialized by #authorize, #policy and #policy_scope.
# File 'lib/pundit.rb', line 277
def pundit_user
  current_user
end
#skip_authorization
This method returns an undefined value.
Allow this action not to perform authorization.
# File 'lib/pundit.rb', line 207
def skip_authorization
  # Sets the same flag as #authorize, so verify_authorized treats the action as checked.
  @_pundit_policy_authorized = true
end
#skip_policy_scope
This method returns an undefined value.
Allow this action not to perform policy scoping.
# File 'lib/pundit.rb', line 215
def skip_policy_scope
  @_pundit_policy_scoped = true
end
#verify_authorized
This method returns an undefined value.
Raises an error if authorization has not been performed, usually used as an after_action filter to prevent programmer error in forgetting to call #authorize or #skip_authorization.
# File 'lib/pundit.rb', line 166
def verify_authorized
  raise AuthorizationNotPerformedError, self.class unless pundit_policy_authorized?
end
#verify_policy_scoped
This method returns an undefined value.
Raises an error if policy scoping has not been performed, usually used as an after_action filter to prevent programmer error in forgetting to call #policy_scope or #skip_policy_scope in index actions.
# File 'lib/pundit.rb', line 177
def verify_policy_scoped
  raise PolicyScopingNotPerformedError, self.class unless pundit_policy_scoped?
end