Class: DeepUnrest::Authorization::PunditStrategy

Inherits:
BaseStrategy
Defined in:
lib/deep_unrest/authorization/pundit_strategy.rb


Class Method Details

.auth_error_message(user, scope) ⇒ Object



# File 'lib/deep_unrest/authorization/pundit_strategy.rb', line 19

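# Builds the JSON:API-style error body raised when +user+ may not perform the
# action described by +scope+.
#
# @param user [Object, nil] the acting user; +nil+ means an anonymous request.
#   Only +class.name+ and +id+ are read from it, so that is all the client sees.
# @param scope [Hash] the scope being authorized; reads +:type+ / +:key+ (the
#   target name), +:scope_type+ (the action), +:id+ or +query[:id]+ (the target
#   id) and +:path+ (the JSON pointer echoed back to the client).
# @return [String] a JSON array holding one error object with +title+ and
#   +source.pointer+.
def self.auth_error_message(user, scope)
  actor = if user
            "#{user.class.name} with id '#{user.id}' is"
          else
            "Anonymous users are"
          end

  action = scope[:scope_type]
  target = (scope[:type] || scope[:key]).to_s.classify

  # Collection-level actions have no single target record, so no id is shown.
  unless %i[create update_all].include?(action)
    # Dots are stripped from the id exactly once (the previous version did it
    # twice); presumably so a dotted id does not read like a nested pointer
    # segment -- TODO confirm the intent.
    target_id = (scope[:id] || scope.dig(:query, :id)).to_s.delete('.')
    target += " with id '#{target_id}'"
  end

  msg = "#{actor} not authorized to #{action.to_s.downcase} #{target}"

  [{ title: msg,
     source: { pointer: scope[:path] } }].to_json
end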

.authorize(scopes, user) ⇒ Object



# File 'lib/deep_unrest/authorization/pundit_strategy.rb', line 56

# Authorizes every scope in +scopes+ for +user+, stopping at the first denial.
#
# @param scopes [Array<Hash>] the scopes to check, in order
# @param user [Object, nil] the acting user (+nil+ for anonymous)
# @return [Array<Hash>] +scopes+, as returned by +each+
# @raise [DeepUnrest::Unauthorized] carrying the JSON error body from
#   .auth_error_message for the first scope the policy denies; scopes after
#   it are not evaluated
def self.authorize(scopes, user)
  scopes.each do |scope|
    next if get_entity_authorization(scope, user)

    raise DeepUnrest::Unauthorized, auth_error_message(user, scope)
  end
end

.get_authorized_scope(user, klass) ⇒ Object



# File 'lib/deep_unrest/authorization/pundit_strategy.rb', line 14

# Resolves the Pundit +Scope+ of +klass+'s policy for +user+.
#
# @param user [Object, nil] the acting user
# @param klass [Class] the model class; its policy is found by .get_policy and
#   is expected to define a nested +Scope+ class
# @return [Object] whatever +Scope#resolve+ returns (presumably a relation --
#   not visible here)
def self.get_authorized_scope(user, klass)
  scope_class = get_policy(klass)::Scope
  scope_class.new(user, klass).resolve
end

.get_entity_authorization(scope, user) ⇒ Object



# File 'lib/deep_unrest/authorization/pundit_strategy.rb', line 38

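# Asks the Pundit policy whether +user+ may perform +scope[:scope_type]+ on
# the entity that +scope+ describes.
#
# @param scope [Hash] reads +:scope_type+, +:klass+, +:scope+ (legacy path)
#   and +:query+
# @param user [Object, nil] the acting user
# @return [Boolean] the policy predicate's result; +false+ when no policy is
#   defined for the target; +true+ -- without consulting any policy -- for a
#   record-level action whose scope carries no +query[:id]+
def self.get_entity_authorization(scope, user)
  action = scope[:scope_type]

  target =
    if %i[create update_all index destroy_all].include?(action)
      # Collection-level actions are authorized against the class itself.
      scope[:klass]
    elsif scope[:scope]
      # TODO: deprecate this part of the clause following write endpoint refactor
      # NOTE(review): the method name and arguments come straight from the
      # scope hash; if that hash can be shaped by the request this lets a
      # caller invoke any method (private ones included) on :base. Confirm the
      # scope is built server-side before relying on this path.
      legacy = scope[:scope]
      legacy[:base].send(legacy[:method], *legacy[:arguments])
    else
      # NOTE(review): fail-open -- a record-level action with no id is allowed
      # here without any policy check. Left as-is for compatibility; verify
      # callers never reach this branch with untrusted input.
      return true unless scope[:query][:id]

      scope[:klass].find(scope[:query][:id])
    end

  # public_send rather than send: the predicate name is derived from
  # scope_type, and a private method of the policy object must not be
  # reachable through it.
  Pundit.policy!(user, target).public_send(get_policy_name(action))
rescue Pundit::NotDefinedError
  # No policy for this target: deny rather than allow.
  false
end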

.get_policy(klass) ⇒ Object



# File 'lib/deep_unrest/authorization/pundit_strategy.rb', line 10

# Looks up the policy class for +klass+ by the +<Name>Policy+ convention.
#
# @param klass [Class, String, #to_s] the model class (or its name)
# @return [Class] the constant named +"#{klass}Policy"+
#
# NOTE(review): +constantize+ resolves any constant whose name ends in
# "Policy"; if +klass+ can be influenced by the request, restrict it to known
# model classes first -- confirm where klass originates.
def self.get_policy(klass)
  policy_name = format('%sPolicy', klass)
  policy_name.constantize
end

.get_policy_name(method) ⇒ Object



# File 'lib/deep_unrest/authorization/pundit_strategy.rb', line 6

# Maps an action name onto the Pundit predicate that guards it.
#
# @param method [Symbol, String, #to_s] the action, e.g. +:create+
# @return [Symbol] the predicate name, e.g. +:create?+
def self.get_policy_name(method)
  :"#{method}?"
end