Module: ActionPolicy::Behaviours::Scoping

Included in:: ActionPolicy::Behaviour, Policy::Scoping

Defined in:: lib/action_policy/behaviours/scoping.rb

Overview

Adds ‘authorized_scop` method to behaviour

Instance Method Summary collapse

#authorization_scope_type_for(policy, target) ⇒ Object

Infer scope type for target if none provided.
#authorized_scope(target, type: nil, as: :default, scope_options: nil, **options) ⇒ Object (also: #authorized)

Apply scope to the target of the specified type.

Instance Method Details

#authorization_scope_type_for(policy, target) ⇒ `Object`

Infer scope type for target if none provided. Raises an exception if type couldn’t be inferred.



30
31
32

# File 'lib/action_policy/behaviours/scoping.rb', line 30

def authorization_scope_type_for(policy, target)
  policy.resolve_scope_type(target)
end

#authorized_scope(target, type: nil, as: :default, scope_options: nil, **options) ⇒ `Object` Also known as: authorized

Apply scope to the target of the specified type.

NOTE: policy lookup consists of the following steps:

- first, check whether `with` option is present
- secondly, try to infer policy class from `target` (non-raising lookup)
- use `implicit_authorization_target` if none of the above works.

# File 'lib/action_policy/behaviours/scoping.rb', line 13

def authorized_scope(target, type: nil, as: :default, scope_options: nil, **options)
  options[:context] && (options[:context] = authorization_context.merge(options[:context]))

  policy = policy_for(record: target, allow_nil: true, **options)
  policy ||= policy_for(record: implicit_authorization_target!, **options)

  type ||= authorization_scope_type_for(policy, target)
  name = as

  Authorizer.scopify(target, policy, type:, name:, scope_options:)
end