Module: Pundit

Extended by:

ActiveSupport::Concern

Defined in:

lib/pundit.rb,
lib/pundit/rspec.rb,
lib/pundit/version.rb,
lib/pundit/policy_finder.rb,
lib/generators/pundit/policy/policy_generator.rb,
lib/generators/pundit/install/install_generator.rb

Defined Under Namespace

Modules: Generators, RSpec Classes: AuthorizationNotPerformedError, NotAuthorizedError, NotDefinedError, PolicyFinder, PolicyScopingNotPerformedError

Constant Summary

VERSION =

"0.3.0"

Instance Attribute Summary

• #policy_scope(scope) ⇒ Object

Class Method Summary

• .policy(user, record) ⇒ Object
• .policy!(user, record) ⇒ Object
• .policy_scope(user, scope) ⇒ Object
• .policy_scope!(user, scope) ⇒ Object

Instance Method Summary

• #authorize(record, query = nil) ⇒ Object
• #policy(record) ⇒ Object
• #policy=(policy) ⇒ Object
• #pundit_user ⇒ Object
• #verify_authorized ⇒ Object
• #verify_policy_scoped ⇒ Object

Instance Attribute Details

#policy_scope(scope) ⇒ Object

# File 'lib/pundit.rb', line 80

def policy_scope(scope)
  @_policy_scoped = true
  @policy_scope or Pundit.policy_scope!(pundit_user, scope)
end

Class Method Details

.policy(user, record) ⇒ Object

# File 'lib/pundit.rb', line 29

def policy(user, record)
  policy = PolicyFinder.new(record).policy
  policy.new(user, record) if policy
end

.policy!(user, record) ⇒ Object

# File 'lib/pundit.rb', line 34

def policy!(user, record)
  PolicyFinder.new(record).policy!.new(user, record)
end

.policy_scope(user, scope) ⇒ Object

# File 'lib/pundit.rb', line 20

def policy_scope(user, scope)
  policy_scope = PolicyFinder.new(scope).scope
  policy_scope.new(user, scope).resolve if policy_scope
end

.policy_scope!(user, scope) ⇒ Object

# File 'lib/pundit.rb', line 25

def policy_scope!(user, scope)
  PolicyFinder.new(scope).scope!.new(user, scope).resolve
end

Instance Method Details

#authorize(record, query = nil) ⇒ Object

# File 'lib/pundit.rb', line 65

def authorize(record, query=nil)
  query ||= params[:action].to_s + "?"
  @_policy_authorized = true

  policy = policy(record)
  unless policy.public_send(query)
    error = NotAuthorizedError.new("not allowed to #{query} this #{record}")
    error.query, error.record, error.policy = query, record, policy

    raise error
  end

  true
end

#policy(record) ⇒ Object

# File 'lib/pundit.rb', line 86

def policy(record)
  @_policy or Pundit.policy!(pundit_user, record)
end

#policy=(policy) ⇒ Object

# File 'lib/pundit.rb', line 90

def policy=(policy)
  @_policy = policy
end

#pundit_user ⇒ Object

# File 'lib/pundit.rb', line 94

def pundit_user
  current_user
end

#verify_authorized ⇒ Object

Raises:

• (AuthorizationNotPerformedError)

# File 'lib/pundit.rb', line 57

def verify_authorized
  raise AuthorizationNotPerformedError unless @_policy_authorized
end

#verify_policy_scoped ⇒ Object

Raises:

• (PolicyScopingNotPerformedError)

# File 'lib/pundit.rb', line 61

def verify_policy_scoped
  raise PolicyScopingNotPerformedError unless @_policy_scoped
end