Module: Glib::Auth::Policy

Extended by:

ActiveSupport::Concern

Defined in:

app/controllers/concerns/glib/auth/policy.rb

Defined Under Namespace

Modules: ClassMethods, Overrides Classes: UnauthorizedError

Instance Method Summary

• #assert_current_user_present ⇒ Object
• #can?(action, record, context = nil) ⇒ Boolean
• #cannot?(action, record, context = nil) ⇒ Boolean
• #glib_authorize_resource(*args) ⇒ Object

  Inspired from github.com/ryanb/cancan/wiki/Non-RESTful-Controllers.

• #glib_raise_forbidden ⇒ Object
• #glib_skip_controller_action_if_permission_test ⇒ Object
• #resource_name_from_controller ⇒ Object

Instance Method Details

#assert_current_user_present ⇒ Object

Raises:

• (UnauthorizedError)

# File 'app/controllers/concerns/glib/auth/policy.rb', line 28

def assert_current_user_present
  raise UnauthorizedError unless current_user
end

#can?(action, record, context = nil) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/controllers/concerns/glib/auth/policy.rb', line 76

def can?(action, record, context = nil)
  policy(record, nil, context).send("#{action}?")
end

#cannot?(action, record, context = nil) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/controllers/concerns/glib/auth/policy.rb', line 80

def cannot?(action, record, context = nil)
  !policy(record, nil, context).send("#{action}?")
end

#glib_authorize_resource(*args) ⇒ Object

Inspired from github.com/ryanb/cancan/wiki/Non-RESTful-Controllers

# File 'app/controllers/concerns/glib/auth/policy.rb', line 85

def glib_authorize_resource(*args)
  options = args.extract_options!
  resource_name = args.first

  resource_name ||= controller_name.split('/').last.singularize

  if (resource_key = options[:class]).nil?
    policy_name = resource_name.camelize.constantize
  else
    policy_name = case resource_key
                  when false
                    resource_name.to_sym
                  when Symbol, Class
                    resource_key
                  else
                    raise "Invalid resource class: #{resource_key}"
    end
  end

  resource_instance = instance_variable_get("@#{resource_name}") || options[:resource] || policy_name

  query = "#{action_name}?"
  policy_instance = policy(resource_instance, policy_name, options.fetch(:context, nil))
  raise_access_denied(resource_instance, policy_instance) unless policy_instance.public_send(query)
end

#glib_raise_forbidden ⇒ Object

Raises:

• (UnauthorizedError)

# File 'app/controllers/concerns/glib/auth/policy.rb', line 66

def glib_raise_forbidden
  raise UnauthorizedError
end

#glib_skip_controller_action_if_permission_test ⇒ Object

# File 'app/controllers/concerns/glib/auth/policy.rb', line 111

def glib_skip_controller_action_if_permission_test
  permission_test = params[:__glib_permission_test].present?

  if permission_test
    instance_exec(&self.class.glib_permission_test_callback)
    render status: 200, json: { status: 'ok' }
  end
end

#resource_name_from_controller ⇒ Object

# File 'app/controllers/concerns/glib/auth/policy.rb', line 176

def resource_name_from_controller
  params[:controller].split('/').last.singularize
end