Class: DummyAuthorizationHandler::ActionAuthorizer

Inherits:

Decidim::Verifications::DefaultActionAuthorizer

Object
Decidim::Verifications::DefaultActionAuthorizer
DummyAuthorizationHandler::ActionAuthorizer

show all

Defined in:: lib/decidim/generators/app_templates/dummy_authorization_handler.rb

Overview

If you need custom authorization logic, you can implement your own action authorizer. In this case, it allows to set a list of valid postal codes for an authorization.

Instance Attribute Summary collapse

#allowed_postal_codes ⇒ Object readonly

Returns the value of attribute allowed_postal_codes.

Instance Method Summary collapse

#authorize ⇒ Object

Overrides the parent class method, but it still uses it to keep the base behavior.
#redirect_params ⇒ Object

Adds the list of allowed postal codes to the redirect URL, to allow forms to inform about it.

Instance Attribute Details

#allowed_postal_codes ⇒ `Object` (readonly)

Returns the value of attribute allowed_postal_codes.



76
77
78

# File 'lib/decidim/generators/app_templates/dummy_authorization_handler.rb', line 76

def allowed_postal_codes
  @allowed_postal_codes
end

Instance Method Details

#authorize ⇒ `Object`

Overrides the parent class method, but it still uses it to keep the base behavior

# File 'lib/decidim/generators/app_templates/dummy_authorization_handler.rb', line 79

def authorize
  # Remove the additional setting from the options hash to avoid to be considered missing.
  @allowed_postal_codes ||= options.delete("allowed_postal_codes")

  status_code, data = *super

  if allowed_postal_codes.present?
    # Does not authorize users with different postal codes
    if status_code == :ok && !allowed_postal_codes.member?(authorization.metadata["postal_code"])
      status_code = :unauthorized
      data[:fields] = { "postal_code" => authorization.metadata["postal_code"] }
    end

    # Adds an extra message for inform the user the additional restriction for this authorization
    data[:extra_explanation] = { key: "extra_explanation",
                                 params: { scope: "decidim.verifications.dummy_authorization",
                                           count: allowed_postal_codes.count,
                                           postal_codes: allowed_postal_codes.join(", ") } }
  end

  [status_code, data]
end

#redirect_params ⇒ `Object`

Adds the list of allowed postal codes to the redirect URL, to allow forms to inform about it



103
104
105

# File 'lib/decidim/generators/app_templates/dummy_authorization_handler.rb', line 103

def redirect_params
  { "postal_codes" => allowed_postal_codes&.join("-") }
end