Module: Pundit
- Extended by:
- ActiveSupport::Concern
- Defined in:
- lib/pundit.rb,
lib/pundit/rspec.rb,
lib/pundit/version.rb,
lib/pundit/policy_finder.rb,
lib/generators/pundit/policy/policy_generator.rb,
lib/generators/pundit/install/install_generator.rb
Defined Under Namespace
Modules: Generators, RSpec
Classes: AuthorizationNotPerformedError, NotAuthorizedError, NotDefinedError, PolicyFinder
Constant Summary
collapse
- VERSION =
"0.2.3"
Instance Attribute Summary collapse
Class Method Summary
collapse
Instance Method Summary
collapse
Instance Attribute Details
#policy(record) ⇒ Object
83
84
85
|
# File 'lib/pundit.rb', line 83
def policy(record)
@policy or Pundit.policy!(pundit_user, record)
end
|
#policy_scope(scope) ⇒ Object
77
78
79
80
|
# File 'lib/pundit.rb', line 77
def policy_scope(scope)
@_policy_scoped = true
@policy_scope or Pundit.policy_scope!(pundit_user, scope)
end
|
Class Method Details
.policy(user, record) ⇒ Object
26
27
28
29
|
# File 'lib/pundit.rb', line 26
def policy(user, record)
policy = PolicyFinder.new(record).policy
policy.new(user, record) if policy
end
|
.policy!(user, record) ⇒ Object
31
32
33
|
# File 'lib/pundit.rb', line 31
def policy!(user, record)
PolicyFinder.new(record).policy!.new(user, record)
end
|
.policy_scope(user, scope) ⇒ Object
17
18
19
20
|
# File 'lib/pundit.rb', line 17
def policy_scope(user, scope)
policy_scope = PolicyFinder.new(scope).scope
policy_scope.new(user, scope).resolve if policy_scope
end
|
.policy_scope!(user, scope) ⇒ Object
22
23
24
|
# File 'lib/pundit.rb', line 22
def policy_scope!(user, scope)
PolicyFinder.new(scope).scope!.new(user, scope).resolve
end
|
Instance Method Details
#authorize(record, query = nil) ⇒ Object
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
# File 'lib/pundit.rb', line 62
def authorize(record, query=nil)
query ||= params[:action].to_s + "?"
@_policy_authorized = true
policy = policy(record)
unless policy.public_send(query)
error = NotAuthorizedError.new("not allowed to #{query} this #{record}")
error.query, error.record, error.policy = query, record, policy
raise error
end
true
end
|
#pundit_user ⇒ Object
88
89
90
|
# File 'lib/pundit.rb', line 88
def pundit_user
current_user
end
|
#verify_authorized ⇒ Object
#verify_policy_scoped ⇒ Object