Class: CanCanCan::AssignmentAndAuthorization

Inherits:

Object

• Object
• CanCanCan::AssignmentAndAuthorization

Defined in:

lib/cancancan/services/assignment_and_authorization.rb

Instance Attribute Summary

• #ability ⇒ Object readonly

  Returns the value of attribute ability.

• #action_name ⇒ Object readonly

  Returns the value of attribute action_name.

• #params ⇒ Object readonly

  Returns the value of attribute params.

• #parent_object ⇒ Object readonly

  Returns the value of attribute parent_object.

Instance Method Summary

• #call ⇒ Object
• #initialize(current_ability, action_name, parent_object, params) ⇒ AssignmentAndAuthorization constructor

  to handle updating nested attributes NESTED_ATTRIB_PERMISSION_KEY_GEN = Proc.new { |assoc_key| “#assoc_key_attributes”.to_sym } NESTED_ACTION_PERMISSION_KEY_GEN = Proc.new { |assoc_key| “can_update_association#assoc_keyassoc_key.to_s”.to_sym }.

Constructor Details

#initialize(current_ability, action_name, parent_object, params) ⇒ AssignmentAndAuthorization

to handle updating nested attributes NESTED_ATTRIB_PERMISSION_KEY_GEN = Proc.new { |assoc_key| “#assoc_key_attributes”.to_sym } NESTED_ACTION_PERMISSION_KEY_GEN = Proc.new { |assoc_key| “can_update_association#CanCanCan::AssignmentAndAuthorization.assoc_keyassoc_key.to_s”.to_sym }

# File 'lib/cancancan/services/assignment_and_authorization.rb', line 15

def initialize(current_ability, action_name, parent_object, params)
  @ability = current_ability
  @parent_object = parent_object
  @params = params
  if CanCanCan::NestedAssignmentAndAuthorization.configuration.use_resource_key_in_params
    @params = @params[parent_object.model_name.singular.to_sym]
  end
  if @params.kind_of?(ActionController::Parameters)
    @params = @params.permit!.to_h
  end
  @action_name = action_name.to_sym
end

Instance Attribute Details

#ability ⇒ Object (readonly)

Returns the value of attribute ability.

# File 'lib/cancancan/services/assignment_and_authorization.rb', line 5

def ability
  @ability
end

#action_name ⇒ Object (readonly)

Returns the value of attribute action_name.

# File 'lib/cancancan/services/assignment_and_authorization.rb', line 5

def action_name
  @action_name
end

#params ⇒ Object (readonly)

Returns the value of attribute params.

# File 'lib/cancancan/services/assignment_and_authorization.rb', line 5

def params
  @params
end

#parent_object ⇒ Object (readonly)

Returns the value of attribute parent_object.

# File 'lib/cancancan/services/assignment_and_authorization.rb', line 5

def parent_object
  @parent_object
end

Instance Method Details

#call ⇒ Object

# File 'lib/cancancan/services/assignment_and_authorization.rb', line 28

def call
  # Pre-assignment auth check
  first_authorize = @ability.can?(@action_name, @parent_object)
  unless first_authorize || CanCanCan::NestedAssignmentAndAuthorization.configuration.silence_raised_errors
    raise CanCan::AccessDenied.new("Not authorized!", @action_name, @parent_object)
  end

  return false unless first_authorize

  second_authorize = false

  # sanitized_attribs = ActionController::Parameters.new(
  #   @params
  # ).permit(@ability.permitted_attributes(@action_name, @parent_object))

  # sanitized_attribs will only contain attributes, not permitted associations
  sanitized_attribs = sanitize_parameters(@params, @ability.permitted_attributes(@action_name, @parent_object))

  ActiveRecord::Base.transaction do
    # Attributes
    @parent_object.assign_attributes(
      sanitized_attribs.except(
        *@parent_object.class.nested_attributes_options.keys.collect { |v| "#{v}_attributes".to_sym }
      )
    )
    # Associations
    instantiate_and_assign_nested_associations(
      @parent_object,
      sanitize_parameters(sanitized_attribs, @parent_object.class.nested_attributes_options.keys.collect { |v| "#{v}_attributes".to_sym })
    )
    # Post-assignment auth check
    second_authorize = @ability.can?(@action_name, @parent_object)
    unless second_authorize
      # NOTE: Does not halt the controller process, just rolls back the DB
      raise ActiveRecord::Rollback
    end
  end

  unless second_authorize || CanCanCan::NestedAssignmentAndAuthorization.configuration.silence_raised_errors
    raise CanCan::AccessDenied.new("Not authorized!", @action_name, @parent_object)
  end

  return false unless second_authorize

  save_result = @parent_object.save
  return save_result
end