Module: Dry::Ability::Controller::DSL

Included in:
ClassMethods
Defined in:
lib/dry/ability/controller/dsl.rb

Instance Method Details

#cancan_skipper ⇒ Object



# File 'lib/dry/ability/controller/dsl.rb', line 155

def cancan_skipper
  @_cancan_skipper ||= { authorize: {}, load: {} }
end

#check_authorization(**options) ⇒ Object

Add this to a controller to ensure it performs authorization through an authorized! or authorize_resource call. If neither of these authorization methods is called, a CanCan::AuthorizationNotPerformed exception will be raised. This is normally added to the ApplicationController to ensure all controller actions do authorization.

class ApplicationController < ActionController::Base
  check_authorization
end

See skip_authorization_check to bypass this check on specific controller actions.

Options:

:only

Only applies to given actions.

:except

Does not apply to given actions.

:if

Supply the name of a controller method to be called. The authorization check only takes place if this returns true.

check_authorization :if => :admin_controller?

:unless

Supply the name of a controller method to be called. The authorization check only takes place if this returns false.

check_authorization :unless => :devise_controller?


# File 'lib/dry/ability/controller/dsl.rb', line 133

def check_authorization(**options)
  after_action(**options) do |controller|
    next if controller.instance_variable_defined?(:@_authorized)
    raise AuthorizationNotPerformed,
          'This action failed the check_authorization because it does not authorize_resource. '\
          'Add skip_authorization_check to bypass this check.'
  end
end

#set_resource_mediator_callback(name, **opts) ⇒ Object

Also known as: load_and_authorize_resource, load_resource, authorize_resource

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.



# File 'lib/dry/ability/controller/dsl.rb', line 17

def set_resource_mediator_callback(name, **opts)
  callback_options = opts.extract!(:only, :except, :if, :unless, :prepend)
  @_resource_mediators ||= Concurrent::Map.new
  @_resource_mediators.fetch_or_store(name) do
    ResourceMediator.new(name, controller_path, __callee__, **opts).
      tap { |m| before_action m, callback_options }
  end.sequence << __callee__
end

#skip_authorization_check(*args) ⇒ Object

Call this in the class of a controller to skip the check_authorization behavior on the actions.

class HomeController < ApplicationController
  skip_authorization_check :only => :index
end

Any arguments are passed to the before_action it triggers.



# File 'lib/dry/ability/controller/dsl.rb', line 149

def skip_authorization_check(*args)
  before_action(*args) do |controller|
    controller.instance_variable_set(:@_authorized, true)
  end
end
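
The sketch below is an added example, not code from dry-ability or from this page's author. It replays the check_authorization and skip_authorization_check bodies shown above on a minimal stand-in for Rails callbacks, to show that the check is an after_action and so fires only once the action body has run. `MiniController`, `hooks`, `fire`, `run_action` and the sample `HomeController` are hypothetical names; only the :only option is modelled, and both declarations sit in one class for brevity.

```ruby
class AuthorizationNotPerformed < StandardError; end
# Hypothetical stand-in for ActionController callbacks; only :only is modelled.
class MiniController
  def self.hooks; @hooks ||= { before: [], after: [] }; end
  def self.before_action(**opts, &blk); hooks[:before] << [opts, blk]; end
  def self.after_action(**opts, &blk); hooks[:after] << [opts, blk]; end

  # Same logic as the check_authorization body documented on this page.
  def self.check_authorization(**options)
    after_action(**options) do |controller|
      next if controller.instance_variable_defined?(:@_authorized)
      raise AuthorizationNotPerformed, 'action never authorized'
    end
  end

  # Same logic as skip_authorization_check: it only sets the flag.
  def self.skip_authorization_check(**options)
    before_action(**options) { |c| c.instance_variable_set(:@_authorized, true) }
  end

  def process(action)
    fire(:before, action)
    public_send(action) # the action body runs before the after_action check
    fire(:after, action)
  end

  def fire(kind, action)
    self.class.hooks[kind].each do |opts, blk|
      blk.call(self) if !opts[:only] || Array(opts[:only]).include?(action)
    end
  end
end

class HomeController < MiniController
  check_authorization
  skip_authorization_check only: :index
  attr_reader :effects
  def index; @effects = [:rendered_home]; end
  def destroy; @effects = [:record_deleted]; end # never authorizes
end

# Returns [outcome, side effects that had already happened].
def run_action(action)
  controller = HomeController.new
  controller.process(action)
  [:ok, controller.effects]
rescue AuthorizationNotPerformed
  [:raised, controller.effects]
end
```

`run_action(:destroy)` reports the exception together with the side effect the action had already produced, so the check works as a tripwire for missing authorization calls rather than as a gate in front of the action. Any action covered by skip_authorization_check passes the check without an ability ever being consulted, which is why a narrow :only list matters.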

#skip_authorize_resource(name, **options) ⇒ Object

Skip the authorization behavior of CanCan. This is useful when you are using load_and_authorize_resource but want to do only loading on certain actions. You can pass :only and :except options to specify which actions to skip the effects on. It will apply to all actions by default.

class ProjectsController < ApplicationController
  load_and_authorize_resource
  skip_authorize_resource :only => :index
end

You can also pass the resource name as the first argument to skip that resource.



# File 'lib/dry/ability/controller/dsl.rb', line 99

def skip_authorize_resource(name, **options)
  cancan_skipper[:authorize][name] = options
end

#skip_load_and_authorize_resource(*args) ⇒ Object

Skip both the loading and authorization behavior of CanCan for this given controller. This is primarily useful to skip the behavior of a superclass. You can pass :only and :except options to specify which actions to skip the effects on. It will apply to all actions by default.

class ProjectsController < SomeOtherController
  skip_load_and_authorize_resource :only => :index
end

You can also pass the resource name as the first argument to skip that resource.



# File 'lib/dry/ability/controller/dsl.rb', line 70

def skip_load_and_authorize_resource(*args)
  skip_load_resource(*args)
  skip_authorize_resource(*args)
end

#skip_load_resource(name, **options) ⇒ Object

Skip the loading behavior of CanCan. This is useful when you are using load_and_authorize_resource but want to do only authorization on certain actions. You can pass :only and :except options to specify which actions to skip the effects on. It will apply to all actions by default.

class ProjectsController < ApplicationController
  load_and_authorize_resource
  skip_load_resource :only => :index
end

You can also pass the resource name as the first argument to skip that resource.



# File 'lib/dry/ability/controller/dsl.rb', line 85

def skip_load_resource(name, **options)
  cancan_skipper[:load][name] = options
end