Module: NexusCqrs::Auth

Includes:

Pundit::Authorization

Included in:

BaseCommandHandler, BaseQueryHandler

Defined in:

lib/nexus_cqrs/auth/auth.rb,
lib/nexus_cqrs/auth/ownable.rb,
lib/nexus_cqrs/auth/user_context.rb,
lib/nexus_cqrs/auth/permission_provider.rb

Overview

Concern used to provide authorisation abilities to handlers and other classes. Overrides pundit’s ‘authorize` method and creates helpers for the permission_provider

Defined Under Namespace

Modules: Ownable Classes: OwnableRelationshipNotSet, PermissionProvider, UserContext

Instance Method Summary

• #authorize(message, record, query = nil, policy_class: nil) ⇒ Object

  Overrides pundit’s ‘authorize` method, allowing the message to be passed.

• #current_user ⇒ Object
• #permission_provider(message) ⇒ PermissionProvider

  Helper method for creating a permissions provider object from a query object.

• #pundit_user ⇒ Object

Instance Method Details

#authorize(message, record, query = nil, policy_class: nil) ⇒ Object

Overrides pundit’s ‘authorize` method, allowing the message to be passed

Raises:

• (Pundit::NotAuthorizedError)

See Also:

• Pundit#authorize

# File 'lib/nexus_cqrs/auth/auth.rb', line 15

def authorize(message, record, query = nil, policy_class: nil)
  # Populate the query from the command, or the params if it's being overriden
  query ||= Strings::Case.snakecase(message.demodularised_class_name) + '?'

  # Retreive the policy class object from the type of record we are passing in
  policy_class ||= Pundit::PolicyFinder.new(record).policy

  # Pull context variables from command
  user = message.metadata[:current_user]
  global_permissions = message.metadata[:global_permissions]

  # Raise issue if policy class doesn't exist
  raise Pundit::NotAuthorizedError,
        query: query,
        record: record,
        message: "There is no policy class available for #{record.class}" if policy_class.nil?

  # Instantiate new policy class, with context
  policy = policy_class.new(UserContext.new(user, global_permissions), record)
  raise Pundit::NotAuthorizedError, query: query, record: record, policy: policy unless policy.public_send(query)

  record.is_a?(Array) ? record.last : record
end

#current_user ⇒ Object

# File 'lib/nexus_cqrs/auth/auth.rb', line 52

def current_user
  return super if defined?(super)

  nil
end

#permission_provider(message) ⇒ PermissionProvider

Helper method for creating a permissions provider object from a query object. This allows certain permissions to be checked inside the command handler, as opposed to inside the policy

# File 'lib/nexus_cqrs/auth/auth.rb', line 44

def permission_provider(message)
  PermissionProvider.new(message.metadata[:current_user], message.metadata[:global_permissions])
end

#pundit_user ⇒ Object

# File 'lib/nexus_cqrs/auth/auth.rb', line 48

def pundit_user
  nil
end