Module: Pragma::Operation::Authorization::InstanceMethods

Defined in:

lib/pragma/operation/authorization.rb

Overview

:nodoc:

Instance Method Summary

• #authorize(authorizable) ⇒ Boolean

  Authorizes this operation on the provided resource or policy.

• #authorize!(authorizable) ⇒ Object

  Authorizes this operation on the provided resource or policy.

• #authorize_collection(collection) ⇒ Pragma::Decorator::Base|Enumerable

  Scopes the provided collection.

• #build_policy(resource) ⇒ Pragma::Policy::Base

  Builds the policy for the current user and the given resource, using the previously defined policy class.

Instance Method Details

#authorize(authorizable) ⇒ Boolean

Authorizes this operation on the provided resource or policy.

If no policy was defined, simply returns true.

Parameters:

• authorizable (Pragma::Policy::Base|Object) —

  resource or policy

Returns:

• (Boolean) —

  whether the operation is authorized

# File 'lib/pragma/operation/authorization.rb', line 63

def authorize(authorizable)
  return true unless self.class.policy_klass

  policy = if self.class.policy_klass && authorizable.is_a?(self.class.policy_klass)
    authorizable
  else
    build_policy(authorizable)
  end

  params.each_pair do |name, value|
    next unless policy.resource.respond_to?("#{name}=")
    policy.resource.send("#{name}=", value)
  end

  policy.send("#{self.class.operation_name}?")
end

#authorize!(authorizable) ⇒ Object

Authorizes this operation on the provided resource or policy. If the user is not authorized to perform the operation, responds with 403 Forbidden and an error body and halts the execution.

Parameters:

• authorizable (Pragma::Policy::Base|Object) —

  resource or policy

# File 'lib/pragma/operation/authorization.rb', line 85

def authorize!(authorizable)
  return if authorize(authorizable)

  respond_with!(
    status: :forbidden,
    resource: {
      error_type: :forbidden,
      error_message: 'You are not authorized to perform this operation.'
    }
  )
end

#authorize_collection(collection) ⇒ Pragma::Decorator::Base|Enumerable

Scopes the provided collection.

If no policy class is defined, simply returns the collection.

Parameters:

• collection (Enumerable)

Returns:

• (Pragma::Decorator::Base|Enumerable)

# File 'lib/pragma/operation/authorization.rb', line 104

def authorize_collection(collection)
  return collection unless self.class.policy_klass

  self.class.policy_klass.accessible_by(
    user: current_user,
    scope: collection
  )
end

#build_policy(resource) ⇒ Pragma::Policy::Base

Builds the policy for the current user and the given resource, using the previously defined policy class.

Parameters:

• resource (Object)

Returns:

• (Pragma::Policy::Base)

See Also:

• policy
• #build_policy

# File 'lib/pragma/operation/authorization.rb', line 52

def build_policy(resource)
  self.class.build_policy(user: current_user, resource: resource)
end