Module: Pragma::Operation::Authorization::InstanceMethods

Defined in:
lib/pragma/operation/authorization.rb

Overview

:nodoc:

Instance Method Summary

Instance Method Details

#authorize(authorizable) ⇒ Boolean

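Authorizes this operation on the provided resource or policy.

If no policy class is defined, returns true without performing any check.

Before the policy predicate is called, each operation parameter that has a matching setter on the policy's resource is assigned to that resource, so the policy evaluates the resource with the submitted values applied.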

Parameters:

  • authorizable (Pragma::Policy::Base|Object)

    resource or policy

Returns:

  • (Boolean)

    whether the operation is authorized



# File 'lib/pragma/operation/authorization.rb', line 60

def authorize(authorizable)
  return true unless compute_policy_klass

  # rubocop:disable Metrics/LineLength
  policy = if Object.const_defined?('Pragma::Policy::Base') && authorizable.is_a?(Pragma::Policy::Base)
    authorizable
  else
    build_policy(authorizable)
  end
  # rubocop:enable Metrics/LineLength

  params.each_pair do |name, value|
    next unless policy.resource.respond_to?("#{name}=")
    policy.resource.send("#{name}=", value)
  end

  policy.send("#{self.class.operation_name}?")
end

#authorize!(authorizable) ⇒ Object

Authorizes this operation on the provided resource or policy. If the user is not authorized to perform the operation, responds with 403 Forbidden and an error body and halts the execution.

Parameters:

  • authorizable (Pragma::Policy::Base|Object)

    resource or policy



# File 'lib/pragma/operation/authorization.rb', line 84

def authorize!(authorizable)
  return if authorize(authorizable)

  respond_with!(
    status: :forbidden,
    resource: {
      error_type: :forbidden,
      error_message: 'You are not authorized to perform this operation.'
    }
  )
end

#authorize_collection(collection) ⇒ Pragma::Decorator::Base|Enumerable

Scopes the provided collection.

If no policy class is defined, simply returns the collection.

Parameters:

  • collection (Enumerable)

Returns:

  • (Pragma::Decorator::Base|Enumerable)


# File 'lib/pragma/operation/authorization.rb', line 103

def authorize_collection(collection)
  policy_klass = compute_policy_klass
  return collection unless policy_klass

  policy_klass.accessible_by(
    user: current_user,
    scope: collection
  )
end

#build_policy(resource) ⇒ Pragma::Policy::Base

Builds the policy for the current user and the given resource, using the previously defined policy class.

Parameters:

  • resource (Object)

Returns:

  • (Pragma::Policy::Base)

See Also:



# File 'lib/pragma/operation/authorization.rb', line 46

def build_policy(resource)
  policy_klass = compute_policy_klass
  return resource unless policy_klass

  policy_klass.new(user: current_user, resource: resource)
end

#compute_policy_klass ⇒ Object



# File 'lib/pragma/operation/authorization.rb', line 113

def compute_policy_klass
  if self.class.policy_klass.is_a?(Proc)
    self.class.policy_klass.call(context)
  else
    self.class.policy_klass
  end
end
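
An added example, not part of Pragma's source: a small audit that classifies operations by how #authorize above would treat their policy configuration, flagging the case where no policy is defined and #authorize returns true. `Op`, `ArticlePolicy`, `audit_operation`, `audit_operations` and the sample operation names are hypothetical stand-ins; only `policy_klass` and `operation_name` come from this page.

```ruby
# Added example, not Pragma code. Op is a constructed stand-in for an operation
# class; it exposes the same policy_klass / operation_name readers that
# #authorize and #compute_policy_klass use on this page.
Op = Struct.new(:name, :policy_klass, :operation_name)

class ArticlePolicy # constructed stand-in for a policy class
  def show?; true; end

  private

  # Private on purpose: `send` in #authorize still reaches it.
  def update?; false; end
end

# Classify one operation by what #authorize would do with its policy setup.
def audit_operation(op)
  policy = op.policy_klass
  # `return true unless compute_policy_klass`: no policy means always allowed.
  return :no_policy_fail_open if policy.nil?
  # A Proc is called with the context; it may still return nil at runtime.
  return :dynamic_policy if policy.is_a?(Proc)

  predicate = "#{op.operation_name}?"
  # #authorize calls the predicate with `send`, which ignores visibility.
  known = policy.method_defined?(predicate) ||
          policy.private_method_defined?(predicate)
  known ? :ok : :missing_predicate
end

# Build a { operation name => status } report for a list of operations.
def audit_operations(ops)
  ops.each_with_object({}) { |op, report| report[op.name] = audit_operation(op) }
end

SAMPLE_OPS = [ # constructed sample input
  Op.new('Articles::Show', ArticlePolicy, :show),
  Op.new('Articles::Update', ArticlePolicy, :update),
  Op.new('Articles::Destroy', ArticlePolicy, :destroy),
  Op.new('Articles::Export', nil, :export),
  Op.new('Articles::Index', ->(_context) { ArticlePolicy }, :index)
].freeze

audit_operations(SAMPLE_OPS).each { |name, status| puts "#{name}: #{status}" }
```

Operations reported as `:dynamic_policy` need a runtime check as well, since a Proc that returns nil takes the same return-true path as a missing policy.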