Module: Decidim::ActionAuthorization

Extended by:

ActiveSupport::Concern

Included in:

Features::BaseController

Defined in:

decidim-core/app/controllers/concerns/decidim/action_authorization.rb

Defined Under Namespace

Classes: Unauthorized

Instance Method Summary

• #_action_authorizer(action_name) ⇒ Object
• #action_authorization(action_name) ⇒ Object

  Public: Returns the authorization object for an authorization.

• #authorize_action!(action_name, redirect_url: nil) ⇒ Object

  Public: Authorizes an action of a feature given an action name.

• #authorize_action_path(action_name, redirect_url: nil) ⇒ Object

  Public: Returns the authorization path for a failed authorization with the populated redirect url.

• #authorize_action_path_from_status(status, redirect_url: nil) ⇒ Object

  Public: Returns the authorization path for a failed authorization with the populated redirect url.

Instance Method Details

#_action_authorizer(action_name) ⇒ Object

# File 'decidim-core/app/controllers/concerns/decidim/action_authorization.rb', line 68

def _action_authorizer(action_name)
  ::Decidim::ActionAuthorizer.new(current_user, current_feature, action_name)
end

#action_authorization(action_name) ⇒ Object

Public: Returns the authorization object for an authorization.

action_name - The action to authorize against.

Returns an ActionAuthorizer::AuthorizationStatus

# File 'decidim-core/app/controllers/concerns/decidim/action_authorization.rb', line 34

def action_authorization(action_name)
  _action_authorizer(action_name).authorize
end

#authorize_action!(action_name, redirect_url: nil) ⇒ Object

Public: Authorizes an action of a feature given an action name.

action_name - The action name to authorize. Actions are set up on the

feature's permissions panel.

redirect_url - Url to be redirected to when the authorization is finished.

Raises:

• (Unauthorized)

# File 'decidim-core/app/controllers/concerns/decidim/action_authorization.rb', line 18

def authorize_action!(action_name, redirect_url: nil)
  @action_authorizations ||= {}
  @action_authorizations[action_name] = _action_authorizer(action_name).authorize
  status = @action_authorizations[action_name]

  return if status.ok?
  raise Unauthorized if status.code == :invalid

  redirect_to authorize_action_path_from_status(status, redirect_url)
end

#authorize_action_path(action_name, redirect_url: nil) ⇒ Object

Public: Returns the authorization path for a failed authorization with the populated redirect url.

action_name - The action name to authorize against. redirect_url - The url to redirect to when finished.

Returns a String.

# File 'decidim-core/app/controllers/concerns/decidim/action_authorization.rb', line 45

def authorize_action_path(action_name, redirect_url: nil)
  redirect_url ||= request.path

  authorize_action_path_from_status(
    action_authorization(action_name),
    redirect_url: redirect_url
  )
end

#authorize_action_path_from_status(status, redirect_url: nil) ⇒ Object

Public: Returns the authorization path for a failed authorization with the populated redirect url.

status - The status after an authorization check. redirect_url - The url to redirect to when finished.

Returns a String.

# File 'decidim-core/app/controllers/concerns/decidim/action_authorization.rb', line 61

def authorize_action_path_from_status(status, redirect_url: nil)
  decidim.new_authorization_path(
    handler: status.data[:handler],
    redirect_url: redirect_url
  )
end