Class: AgentCode::ResourcePolicy

Inherits:

Object

• Object
• AgentCode::ResourcePolicy

Defined in:

lib/agentcode/policies/resource_policy.rb

Overview

Base policy for all AgentCode resources. Mirrors the Laravel ResourcePolicy exactly.

Permission format: 'slug.action' (e.g., 'posts.index', 'blogs.store') Supports wildcards:

• '*' grants access to everything
• 'posts.*' grants access to all actions on posts

Usage: class PostPolicy < AgentCode::ResourcePolicy # Override for custom logic: def update?(user, record) super && record.user_id == user.id end

# Attribute permissions:
def permitted_attributes_for_show(user)
  has_role?(user, 'admin') ? ['*'] : ['id', 'title']
end

def hidden_attributes_for_show(user)
  has_role?(user, 'admin') ? [] : ['internal_notes']
end

def permitted_attributes_for_create(user)
  has_role?(user, 'admin') ? ['*'] : ['title', 'content']
end

def permitted_attributes_for_update(user)
  has_role?(user, 'admin') ? ['*'] : ['title', 'content']
end
end

Instance Attribute Summary

• #record ⇒ Object readonly

  Returns the value of attribute record.

• #user ⇒ Object readonly

  Returns the value of attribute user.

Class Method Summary

• .resource_slug ⇒ Object

  The resource slug used for permission checks.

• .resource_slug=(slug) ⇒ Object

Instance Method Summary

• #create? ⇒ Boolean
• #destroy? ⇒ Boolean (also: #delete?)
• #force_delete? ⇒ Boolean
• #has_role?(user, role_slug) ⇒ Boolean

  Check if the user has a specific role in the current organization.

• #hidden_attributes_for_show(user) ⇒ Array<String>

  Override to blacklist columns from API responses.

• #index? ⇒ Boolean (also: #view_any?)

  ------------------------------------------------------------------ Convention-based CRUD authorization ------------------------------------------------------------------.

• #initialize(user, record) ⇒ ResourcePolicy constructor

  A new instance of ResourcePolicy.

• #permitted_attributes_for_create(user) ⇒ Array<String>

  Override to whitelist which fields a user can submit on create.

• #permitted_attributes_for_show(user) ⇒ Array<String>

  Override to whitelist which columns are visible in API responses.

• #permitted_attributes_for_update(user) ⇒ Array<String>

  Override to whitelist which fields a user can submit on update.

• #restore? ⇒ Boolean
• #show? ⇒ Boolean (also: #view?)
• #update? ⇒ Boolean
• #view_trashed? ⇒ Boolean

  ------------------------------------------------------------------ Soft Delete authorization ------------------------------------------------------------------.

Constructor Details

#initialize(user, record) ⇒ ResourcePolicy

Returns a new instance of ResourcePolicy.

# File 'lib/agentcode/policies/resource_policy.rb', line 39

def initialize(user, record)
  @user = user
  @record = record
end

Instance Attribute Details

#record ⇒ Object (readonly)

Returns the value of attribute record.

# File 'lib/agentcode/policies/resource_policy.rb', line 37

def record
  @record
end

#user ⇒ Object (readonly)

Returns the value of attribute user.

# File 'lib/agentcode/policies/resource_policy.rb', line 37

def user
  @user
end

Class Method Details

.resource_slug ⇒ Object

The resource slug used for permission checks. Override in child policies, or it will be auto-resolved from config.

# File 'lib/agentcode/policies/resource_policy.rb', line 46

def self.resource_slug
  @resource_slug
end

.resource_slug=(slug) ⇒ Object

# File 'lib/agentcode/policies/resource_policy.rb', line 50

def self.resource_slug=(slug)
  @resource_slug = slug
end

Instance Method Details

#create? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/agentcode/policies/resource_policy.rb', line 70

def create?
  check_permission("store")
end

#destroy? ⇒ Boolean Also known as: delete?

Returns:

• (Boolean)

# File 'lib/agentcode/policies/resource_policy.rb', line 78

def destroy?
  check_permission("destroy")
end

#force_delete? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/agentcode/policies/resource_policy.rb', line 96

def force_delete?
  check_permission("forceDelete")
end

#has_role?(user, role_slug) ⇒ Boolean

Check if the user has a specific role in the current organization. Convenience method for use in child policies.

Parameters:

• user (Object, nil) —

  The authenticated user

• role_slug (String, Symbol) —

  Role slug (e.g. 'admin', 'editor')

Returns:

• (Boolean)

# File 'lib/agentcode/policies/resource_policy.rb', line 150

def has_role?(user, role_slug)
  return false unless user
  return false unless user.respond_to?(:role_slug_for_validation)

  organization = current_organization
  user.role_slug_for_validation(organization) == role_slug.to_s
end

#hidden_attributes_for_show(user) ⇒ Array<String>

Override to blacklist columns from API responses. These are always hidden, even if listed in permitted_attributes_for_show.

Parameters:

• user (Object, nil) —

  The authenticated user

Returns:

• (Array<String>)

# File 'lib/agentcode/policies/resource_policy.rb', line 118

def hidden_attributes_for_show(user)
  []
end

#index? ⇒ Boolean Also known as: view_any?

---

Convention-based CRUD authorization

Returns:

• (Boolean)

# File 'lib/agentcode/policies/resource_policy.rb', line 58

def index?
  check_permission("index")
end

#permitted_attributes_for_create(user) ⇒ Array<String>

Override to whitelist which fields a user can submit on create. Return ['*'] to allow all fields (default).

Parameters:

• user (Object, nil) —

  The authenticated user

Returns:

• (Array<String>)

# File 'lib/agentcode/policies/resource_policy.rb', line 127

def permitted_attributes_for_create(user)
  ['*']
end

#permitted_attributes_for_show(user) ⇒ Array<String>

Override to whitelist which columns are visible in API responses. Return ['*'] to allow all columns (default).

Parameters:

• user (Object, nil) —

  The authenticated user

Returns:

• (Array<String>)

# File 'lib/agentcode/policies/resource_policy.rb', line 109

def permitted_attributes_for_show(user)
  ['*']
end

#permitted_attributes_for_update(user) ⇒ Array<String>

Override to whitelist which fields a user can submit on update. Return ['*'] to allow all fields (default).

Parameters:

• user (Object, nil) —

  The authenticated user

Returns:

• (Array<String>)

# File 'lib/agentcode/policies/resource_policy.rb', line 136

def permitted_attributes_for_update(user)
  ['*']
end

#restore? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/agentcode/policies/resource_policy.rb', line 92

def restore?
  check_permission("restore")
end

#show? ⇒ Boolean Also known as: view?

Returns:

• (Boolean)

# File 'lib/agentcode/policies/resource_policy.rb', line 64

def show?
  check_permission("show")
end

#update? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/agentcode/policies/resource_policy.rb', line 74

def update?
  check_permission("update")
end

#view_trashed? ⇒ Boolean

---

Soft Delete authorization

Returns:

• (Boolean)

# File 'lib/agentcode/policies/resource_policy.rb', line 88

def view_trashed?
  check_permission("trashed")
end