Module: ActionPolicy::Behaviour

Includes:: ActionPolicy::Behaviours::PolicyFor

Included in:: Channel, Controller

Defined in:: lib/action_policy/behaviour.rb

Overview

Provides ‘authorize!` and `allowed_to?` methods and `authorize` class method to define authorization context.

Could be included anywhere to perform authorization.

Defined Under Namespace

Modules: ClassMethods

Class Method Summary collapse

.included(base) ⇒ Object

Instance Method Summary collapse

#allowed_to?(rule, record, **options) ⇒ Boolean

Checks that an activity is allowed for the current context (e.g. user).
#authorization_context ⇒ Object
#authorization_rule_for(policy, rule) ⇒ Object

Check that rule is defined for policy, otherwise fallback to :manage? rule.
#authorize!(record, to:, **options) ⇒ Object

Authorize action against a policy.

Methods included from ActionPolicy::Behaviours::PolicyFor

#authorization_namespace, #policy_for

Class Method Details

.included(base) ⇒ `Object`

# File 'lib/action_policy/behaviour.rb', line 16

def self.included(base)
  # Handle ActiveSupport::Concern differently
  if base.respond_to?(:class_methods)
    base.class_methods do
      include ClassMethods
    end
  else
    base.extend ClassMethods
  end
end

Instance Method Details

#allowed_to?(rule, record, **options) ⇒ `Boolean`

Checks that an activity is allowed for the current context (e.g. user).

Returns true of false.

Returns:

(Boolean)

# File 'lib/action_policy/behaviour.rb', line 42

def allowed_to?(rule, record, **options)
  policy = policy_for(record: record, **options)
  policy.apply(authorization_rule_for(policy, rule))
end

#authorization_context ⇒ `Object`

# File 'lib/action_policy/behaviour.rb', line 47

def authorization_context
  return @__authorization_context if
    instance_variable_defined?(:@__authorization_context)

  @__authorization_context = self.class.authorization_targets
                                 .each_with_object({}) do |(key, meth), obj|
    obj[key] = public_send(meth)
  end
end

#authorization_rule_for(policy, rule) ⇒ `Object`

Check that rule is defined for policy, otherwise fallback to :manage? rule.



59
60
61

# File 'lib/action_policy/behaviour.rb', line 59

def authorization_rule_for(policy, rule)
  policy.resolve_rule(rule)
end

#authorize!(record, to:, **options) ⇒ `Object`

Authorize action against a policy.

Policy is inferred from record (unless explicitly specified through ‘with` option).

Raises ‘ActionPolicy::Unauthorized` if check failed.

# File 'lib/action_policy/behaviour.rb', line 33

def authorize!(record, to:, **options)
  policy = policy_for(record: record, **options)

  Authorizer.call(policy, authorization_rule_for(policy, to))
end