Module: ActionPolicy::Controller

Extended by:
ActiveSupport::Concern
Includes:
Behaviour, Behaviours::Memoized, Behaviours::Namespaced, Behaviours::ThreadMemoized
Defined in:
lib/action_policy/rails/controller.rb

Overview

Controller concern. Adds the authorize! and allowed_to? methods and provides the verify_authorized and verify_authorized_scoped hooks.

Instance Method Summary

Methods included from Behaviours::Namespaced

prepended

Methods included from Behaviours::Memoized

#__policies_cache__, #__policy_memoize__, prepended

Methods included from Behaviours::ThreadMemoized

#__policy_thread_memoize__, prepended

Methods included from Behaviour

#allowance_to, #allowed_to?, #authorization_context, #authorization_rule_for, included, #lookup_authorization_policy

Methods included from Behaviours::Scoping

#authorization_scope_type_for

Methods included from Behaviours::PolicyFor

#authorization_context, #authorization_namespace, #authorization_strict_namespace, #build_authorization_context, #default_authorization_policy_class, #implicit_authorization_target!, #policy_for, #policy_for_cache_key

Instance Method Details

#authorize!(record = :__undef__, to: nil, **options) ⇒ Object

Authorize action against a policy.

Policy is inferred from record (unless explicitly specified through the with option).

If action is not provided, it’s inferred from action_name.

If record is not provided, tries to infer the resource class from controller name (i.e. controller_name.classify.safe_constantize).

Raises ActionPolicy::Unauthorized if the check fails.

Returns:

  • the policy record



# File 'lib/action_policy/rails/controller.rb', line 57

# Authorizes the current controller action against a policy and records that
# an authorization check took place.
#
# @param record [Object] the record to authorize; the +:__undef__+ default is
#   passed on as-is (presumably the "not provided" marker for the
#   underlying implementation -- confirm)
# @param to [Symbol, nil] the rule to check; defaults to :"#{action_name}?"
# @param options [Hash] extra options, forwarded unchanged by the bare +super+
# @return [Object] whatever the +super+ implementation returns
def authorize!(record = :__undef__, to: nil, **options)
  # Default the rule before the bare `super`, which forwards the current
  # values of record, to and options.
  to ||= :"#{action_name}?"

  # The counter moves only after `super` has returned, so a check that raises
  # is never counted as a performed authorization by verify_authorized.
  super.tap { self.authorize_count += 1 }
end

#authorize_count ⇒ Object



# File 'lib/action_policy/rails/controller.rb', line 92

# Number of authorize! calls that completed on this controller instance.
# verify_authorized reads it to detect an action that performed no check.
#
# @return [Integer] the stored counter, initialised to 0 on first read
def authorize_count
  @authorize_count = 0 unless @authorize_count
  @authorize_count
end

#authorized_scope(target, **options) ⇒ Object

Apply scope to the target.

Returns:

  • the scoped target



# File 'lib/action_policy/rails/controller.rb', line 69

# Applies the authorization scope to +target+ and records that scoping
# took place.
#
# @param target [Object] the collection or relation to scope
# @param options [Hash] extra options, forwarded unchanged by the bare +super+
# @return [Object] the scoped target returned by +super+
def authorized_scope(target, **options)
  # The counter moves only after `super` has returned, so a scoping call that
  # raises is not counted by verify_authorized_scoped.
  super.tap { self.scoped_count += 1 }
end

#implicit_authorization_target ⇒ Object

Tries to infer the resource class from controller name (i.e. controller_name.classify.safe_constantize).



# File 'lib/action_policy/rails/controller.rb', line 78

# Infers the resource class to authorize from the controller name.
#
# The lookup is nil-safe at each step, so the result is nil whenever the
# controller name is missing or does not resolve to a constant.
# NOTE(review): when this returns nil there is no implicit target; how the
# caller handles that is not visible here -- confirm it fails closed.
#
# @return [Object, nil] the result of +safe_constantize+, or nil
def implicit_authorization_target
  name = controller_name
  return if name.nil?

  class_name = name.classify
  class_name&.safe_constantize
end

#scoped_count ⇒ Object



# File 'lib/action_policy/rails/controller.rb', line 96

# Number of authorized_scope calls that completed on this controller
# instance. verify_authorized_scoped reads it to detect an action that
# applied no scope.
#
# @return [Integer] the stored counter, initialised to 0 on first read
def scoped_count
  @scoped_count = 0 unless @scoped_count
  @scoped_count
end

#skip_verify_authorized! ⇒ Object



# File 'lib/action_policy/rails/controller.rb', line 100

# Marks this controller instance as exempt from the verify_authorized check.
#
# Once the flag is set, an action that never calls authorize! no longer
# raises, so the safety net is off for that request. Keep calls limited to
# actions that are intentionally unauthenticated or authorized by other means.
#
# @return [true]
def skip_verify_authorized!
  @verify_authorized_skipped = true
  true
end

#skip_verify_authorized_scoped! ⇒ Object



# File 'lib/action_policy/rails/controller.rb', line 104

# Marks this controller instance as exempt from the verify_authorized_scoped
# check.
#
# Once the flag is set, an action that never calls authorized_scope no longer
# raises, so unscoped data access in that request goes undetected by the hook.
#
# @return [true]
def skip_verify_authorized_scoped!
  @verify_authorized_scoped_skipped = true
  true
end

#verify_authorized ⇒ Object



# File 'lib/action_policy/rails/controller.rb', line 82

# Hook that fails the request when the action performed no authorization.
#
# Raises only when authorize_count is zero and the skip flag is not set.
# It proves that authorize! completed at least once; it does not check which
# record or rule was authorized, so it is a safety net rather than a
# substitute for correct authorize! calls.
#
# @raise [UnauthorizedAction] built from controller_path and action_name
# @return [nil] when a check was performed or verification was skipped
def verify_authorized
  # Same evaluation order as a single `&&` condition: counter first, then flag.
  return unless authorize_count.zero?
  return if verify_authorized_skipped

  # Kernel.raise is called explicitly rather than bare `raise`.
  # NOTE(review): presumably so a `raise` defined on the controller cannot
  # intercept it -- confirm.
  Kernel.raise UnauthorizedAction.new(controller_path, action_name)
end

#verify_authorized_scoped ⇒ Object



# File 'lib/action_policy/rails/controller.rb', line 87

# Hook that fails the request when the action applied no authorization scope.
#
# Raises only when scoped_count is zero and the skip flag is not set.
# It proves that authorized_scope completed at least once; it does not check
# that every query in the action went through a scope.
#
# @raise [UnscopedAction] built from controller_path and action_name
# @return [nil] when a scope was applied or verification was skipped
def verify_authorized_scoped
  # Same evaluation order as a single `&&` condition: counter first, then flag.
  return unless scoped_count.zero?
  return if verify_authorized_scoped_skipped

  # Kernel.raise is called explicitly rather than bare `raise`.
  # NOTE(review): presumably so a `raise` defined on the controller cannot
  # intercept it -- confirm.
  Kernel.raise UnscopedAction.new(controller_path, action_name)
end