Module: ActionPolicy::Behaviour

Includes:
ActionPolicy::Behaviours::PolicyFor, ActionPolicy::Behaviours::Scoping
Included in:
Channel, Controller
Defined in:
lib/action_policy/behaviour.rb

Overview

Provides the `authorize!` and `allowed_to?` methods and the `authorize` class method to define the authorization context.

Can be included anywhere to perform authorization.

Defined Under Namespace

Modules: ClassMethods

Class Method Summary

Instance Method Summary

Methods included from ActionPolicy::Behaviours::Scoping

#authorization_scope_type_for, #authorized_scope

Methods included from ActionPolicy::Behaviours::PolicyFor

#authorization_namespace, #authorization_strict_namespace, #default_authorization_policy_class, #implicit_authorization_target, #implicit_authorization_target!, #policy_for, #policy_for_cache_key

Class Method Details

.included(base) ⇒ Object



# File 'lib/action_policy/behaviour.rb', line 20

def self.included(base)
  # Handle ActiveSupport::Concern differently
  if base.respond_to?(:class_methods)
    base.class_methods do
      include ClassMethods
    end
  else
    base.extend ClassMethods
  end
end

Instance Method Details

#allowance_to(rule, record = :__undef__, **options) ⇒ Object

Returns the authorization result object after applying a specified rule to a record.



# File 'lib/action_policy/behaviour.rb', line 53

def allowance_to(rule, record = :__undef__, **options)
  policy = lookup_authorization_policy(record, **options)

  policy.apply(authorization_rule_for(policy, rule))
  policy.result
end

#allowed_to?(rule, record = :__undef__, **options) ⇒ Boolean

Checks that an activity is allowed for the current context (e.g. user).

Returns true or false.

Returns:

  • (Boolean)


# File 'lib/action_policy/behaviour.rb', line 46

def allowed_to?(rule, record = :__undef__, **options)
  policy = lookup_authorization_policy(record, **options)

  policy.apply(authorization_rule_for(policy, rule))
end

#authorization_context ⇒ Object



# File 'lib/action_policy/behaviour.rb', line 60

def authorization_context
  @_authorization_context ||= build_authorization_context
end

#authorization_rule_for(policy, rule) ⇒ Object

Checks that the rule is defined for the policy; otherwise falls back to the :manage? rule.



# File 'lib/action_policy/behaviour.rb', line 73

def authorization_rule_for(policy, rule)
  policy.resolve_rule(rule)
end

#authorize!(record = :__undef__, to:, **options) ⇒ Object

Authorizes an action against a policy.

The policy is inferred from the record (unless explicitly specified through the `with` option).

Raises `ActionPolicy::Unauthorized` if the check fails.



# File 'lib/action_policy/behaviour.rb', line 37

def authorize!(record = :__undef__, to:, **options)
  policy = lookup_authorization_policy(record, **options)

  Authorizer.call(policy, authorization_rule_for(policy, to))
end

#lookup_authorization_policy(record, with: nil, **options) ⇒ Object

:nodoc:



# File 'lib/action_policy/behaviour.rb', line 77

def lookup_authorization_policy(record, with: nil, **options) # :nodoc:
  if :__undef__ == record # rubocop:disable Style/YodaCondition
    record =
      if with
        implicit_authorization_target
      else
        implicit_authorization_target!
      end
  end

  Kernel.raise ArgumentError, "Record or policy must be specified" if record.nil? && with.nil?

  policy_for(record: record, with: with, **options)
end
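
The three outcomes a caller sees from `authorize!`, as an added example that is not part of Action Policy's source: the rule passes, the rule fails and raises, or a failed record lookup passes `nil` and hits the `ArgumentError` guard instead of being authorized against some other target. `MiniBehaviour`, `PostPolicy`, `Endpoint`, `Post`, `POSTS` and the local `Unauthorized` class are hypothetical stand-ins that mirror the sentinel dispatch and the `:manage?` fallback described on this page, so the block runs without the gem.

```ruby
# Stand-in classes for illustration; this is not the Action Policy gem's code.
class Unauthorized < StandardError; end
Post = Struct.new(:owner) # constructed sample record

# Hypothetical policy: defines manage? only, so destroy? must fall back to it.
PostPolicy = Struct.new(:record, :user) do
  def manage?
    record.owner == user
  end

  # Undefined rules fall back to :manage?, as described for authorization_rule_for.
  def resolve_rule(rule)
    respond_to?(rule) ? rule : :manage?
  end
end

module MiniBehaviour
  def implicit_authorization_target
    nil # this stand-in has no implicit target
  end

  def allowed_to?(rule, record = :__undef__, with: nil)
    # The sentinel separates "argument omitted" from an explicit nil record.
    record = implicit_authorization_target if :__undef__ == record
    raise ArgumentError, "Record or policy must be specified" if record.nil? && with.nil?
    policy = (with || PostPolicy).new(record, current_user)
    policy.public_send(policy.resolve_rule(rule))
  end

  def authorize!(record = :__undef__, to:, **options)
    allowed_to?(to, record, **options) || raise(Unauthorized, "#{to} denied")
  end
end

# Hypothetical endpoint: a failed lookup hands nil to authorize!.
Endpoint = Struct.new(:current_user, :posts) do
  include MiniBehaviour

  def destroy(id)
    authorize!(posts[id], to: :destroy?)
    :destroyed
  rescue Unauthorized
    :forbidden
  rescue ArgumentError
    :no_record
  end
end

POSTS = { 1 => Post.new("alice") }.freeze # constructed data
```

Because `allowed_to?` only returns a boolean, a caller that ignores the return value performs no enforcement; `authorize!` is the variant that stops execution on denial.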