Module: NexusCqrs::Auth

Includes:
Pundit::Authorization
Included in:
BaseCommandHandler, BaseQueryHandler
Defined in:
lib/nexus_cqrs/auth/auth.rb,
lib/nexus_cqrs/auth/ownable.rb,
lib/nexus_cqrs/auth/user_context.rb,
lib/nexus_cqrs/auth/permission_provider.rb

Overview

Concern used to provide authorisation abilities to handlers and other classes. Overrides Pundit's `authorize` method and creates helpers for the permission_provider.

Defined Under Namespace

Modules: Ownable
Classes: OwnableRelationshipNotSet, PermissionProvider, UserContext

Instance Method Summary

Instance Method Details

#authorize(message, record, query = nil, policy_class: nil) ⇒ Object

Overrides Pundit's `authorize` method, allowing the message to be passed.

Parameters:

Raises:

  • (Pundit::NotAuthorizedError)

See Also:

  • Pundit#authorize


# File 'lib/nexus_cqrs/auth/auth.rb', line 15

def authorize(message, record, query = nil, policy_class: nil)
  # Populate the query from the command, or the params if it's being overridden
  query ||= Strings::Case.snakecase(message.demodularised_class_name) + '?'

  # Retrieve the policy class object from the type of record we are passing in
  policy_class ||= Pundit::PolicyFinder.new(record).policy

  # Pull context variables from the command's metadata
  user = message.metadata[:current_user]
  global_permissions = message.metadata[:global_permissions]

  # Instantiate new policy class, with context
  policy = policy_class.new(UserContext.new(user, global_permissions), record)
  raise Pundit::NotAuthorizedError, query: query, record: record, policy: policy unless policy.public_send(query)

  record.is_a?(Array) ? record.last : record
end
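
An added example (not code from the nexus_cqrs project) showing how the query name derived from a command class lands on a policy predicate, and how a policy can deny when the metadata carries no user. `Message`, `Commands::UpdateNote`, `Note`, `NotePolicy`, `authorize_sketch`, `allowed?`, `NotAuthorized` and the `notes:update_any` permission string are assumptions; the real method uses Pundit and Strings::Case rather than these stand-ins.

```ruby
# Stand-ins so this runs without the pundit, strings-case or nexus_cqrs gems.
# All class, method and permission names here are hypothetical.
NotAuthorized = Class.new(StandardError) # stands in for Pundit::NotAuthorizedError
UserContext = Struct.new(:user, :global_permissions)
Note = Struct.new(:owner_id)

class Message
  attr_reader :metadata # hash carrying :current_user and :global_permissions
  def initialize(metadata)
    @metadata = metadata
  end
end

module Commands
  class UpdateNote < Message; end
end

class NotePolicy
  def initialize(context, record)
    @user = context.user
    @permissions = Array(context.global_permissions)
    @record = record
  end

  # Predicate name is the snake-cased command class name plus "?".
  def update_note?
    return false if @user.nil? # no identity in the metadata: deny
    @permissions.include?('notes:update_any') || @record.owner_id == @user[:id]
  end
end

# Simplified form of the documented flow: derive the predicate, build the context, raise on denial.
def authorize_sketch(message, record, policy_class)
  name = message.class.name.split('::').last
  query = name.gsub(/([a-z\d])([A-Z])/, '\1_\2').downcase + '?'
  context = UserContext.new(message.metadata[:current_user], message.metadata[:global_permissions])
  raise NotAuthorized, "not allowed to #{query}" unless policy_class.new(context, record).public_send(query)

  record
end

# Converts the raise into a boolean so the outcomes are easy to compare.
def allowed?(metadata, record)
  authorize_sketch(Commands::UpdateNote.new(metadata), record, NotePolicy)
  true
rescue NotAuthorized
  false
end
```

Because the predicate is resolved with `public_send`, a policy that lacks the derived method raises `NoMethodError` instead of the not-authorized error, so each command needs a matching predicate on its policy.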

#current_user ⇒ Object



# File 'lib/nexus_cqrs/auth/auth.rb', line 46

def current_user
  return super if defined?(super)

  nil
end

#permission_provider(message) ⇒ PermissionProvider

Helper method for creating a permissions provider object from a query object. This allows certain permissions to be checked inside the command handler, as opposed to inside the policy.

Parameters:

Returns:



# File 'lib/nexus_cqrs/auth/auth.rb', line 38

def permission_provider(message)
  PermissionProvider.new(message.metadata[:current_user], message.metadata[:global_permissions])
end

#pundit_user ⇒ Object



# File 'lib/nexus_cqrs/auth/auth.rb', line 42

def pundit_user
  nil
end