Module: Pundit

Extended by:
ActiveSupport::Concern
Defined in:
lib/pundit.rb,
lib/pundit/rspec.rb,
lib/pundit/version.rb,
lib/pundit/policy_finder.rb,
lib/generators/pundit/policy/policy_generator.rb,
lib/generators/pundit/install/install_generator.rb

Defined Under Namespace

Modules: Generators, Helper, RSpec
Classes: AuthorizationNotPerformedError, Error, NotAuthorizedError, NotDefinedError, PolicyFinder, PolicyScopingNotPerformedError

Constant Summary

# Suffix string; presumably appended to a record's class name when locating
# its policy class (the lookup lives in PolicyFinder, not shown here) -- confirm.
SUFFIX = "Policy"
# Release string of the gem this page documents.
VERSION = "1.0.0"


Class Method Details

.authorize(user, record, query) ⇒ Object



# File 'lib/pundit.rb', line 33

# Checks +query+ against the policy for +record+ on behalf of +user+.
#
# The policy instance comes from policy!, so whatever that lookup raises for
# a record without a policy propagates unchanged.
#
# @param user [Object] the actor handed to the policy
# @param record [Object] the object being accessed
# @param query [String, Symbol] name of the policy predicate to call
# @return [true] when the predicate returns a truthy value
# @raise [NotAuthorizedError] when the predicate returns nil or false
def authorize(user, record, query)
  record_policy = policy!(user, record)

  # public_send dispatches to public methods only; the predicate name should
  # still be chosen by code, not taken from request input.
  return true if record_policy.public_send(query)

  raise NotAuthorizedError.new(query: query, record: record, policy: record_policy)
end

.policy(user, record) ⇒ Object



# File 'lib/pundit.rb', line 52

# Builds the policy object for +record+, or returns nil when PolicyFinder
# reports no policy class.
#
# Callers that invoke a predicate on the result must handle the nil case
# themselves; policy! is the variant that does not return nil here.
#
# @param user [Object] the actor handed to the policy
# @param record [Object] the object whose policy is looked up
# @return [Object, nil] a policy instance, or nil when none was found
def policy(user, record)
  policy_class = PolicyFinder.new(record).policy
  return nil unless policy_class

  policy_class.new(user, record)
end

.policy!(user, record) ⇒ Object



# File 'lib/pundit.rb', line 57

# Builds the policy object for +record+ using PolicyFinder#policy!.
#
# Anything PolicyFinder#policy! raises propagates to the caller; presumably
# that is NotDefinedError for a record without a policy, but the raise is not
# part of this listing -- confirm in PolicyFinder.
#
# @param user [Object] the actor handed to the policy
# @param record [Object] the object whose policy is looked up
# @return [Object] a policy instance
def policy!(user, record)
  policy_class = PolicyFinder.new(record).policy!
  policy_class.new(user, record)
end

.policy_scope(user, scope) ⇒ Object



# File 'lib/pundit.rb', line 43

# Resolves +scope+ through its policy scope class on behalf of +user+.
#
# When PolicyFinder reports no scope class the result is nil, not the
# unfiltered +scope+, so a missing scope class never exposes the full
# collection; callers that chain onto the result must handle nil.
#
# @param user [Object] the actor handed to the scope class
# @param scope [Object] the collection or relation to narrow
# @return [Object, nil] the resolved scope, or nil when no scope class exists
def policy_scope(user, scope)
  scope_class = PolicyFinder.new(scope).scope
  return nil unless scope_class

  scope_class.new(user, scope).resolve
end

.policy_scope!(user, scope) ⇒ Object



# File 'lib/pundit.rb', line 48

# Resolves +scope+ through the scope class returned by PolicyFinder#scope!.
#
# Anything PolicyFinder#scope! raises propagates to the caller; the failure
# behaviour for a missing scope class is defined there, not in this listing.
#
# @param user [Object] the actor handed to the scope class
# @param scope [Object] the collection or relation to narrow
# @return [Object] whatever the scope class's resolve returns
def policy_scope!(user, scope)
  scope_class = PolicyFinder.new(scope).scope!
  scope_class.new(user, scope).resolve
end

Instance Method Details

#authorize(record, query = nil) ⇒ Object



# File 'lib/pundit.rb', line 106

# Authorizes access to +record+ through its policy for the current user.
#
# When +query+ is omitted, the predicate name is params[:action] followed
# by "?". The "authorization performed" flag is written before the policy is
# consulted, so it stays set even when this method raises: code that rescues
# NotAuthorizedError and carries on will still pass verify_authorized.
#
# @param record [Object] the object being accessed
# @param query [String, Symbol, nil] policy predicate name; derived from
#   params[:action] when nil
# @return [true] when the predicate returns a truthy value
# @raise [NotAuthorizedError] when the predicate returns nil or false
def authorize(record, query = nil)
  # NOTE(review): the fallback trusts params[:action]; presumably this is the
  # routed action name rather than request-supplied data -- confirm.
  query = params[:action].to_s + "?" unless query

  @_pundit_policy_authorized = true

  record_policy = policy(record)
  # public_send dispatches to public methods only.
  return true if record_policy.public_send(query)

  raise NotAuthorizedError.new(query: query, record: record, policy: record_policy)
end

#permitted_attributes(record) ⇒ Object



# File 'lib/pundit.rb', line 136

# Returns the request parameters for +record+, restricted to the attribute
# list its policy allows.
#
# The parameter key is the record's class name with any module prefix
# removed and converted to underscore form. The allow-list comes entirely from
# the policy's permitted_attributes, so that method is what bounds mass
# assignment for this record.
#
# @param record [Object] the object whose attributes are being assigned
# @return [Object] the result of permit on the required parameter group
def permitted_attributes(record)
  param_key = record.class.to_s.demodulize.underscore
  # require runs before the policy is consulted, matching the original order.
  required = params.require(param_key)
  required.permit(policy(record).permitted_attributes)
end

#policies ⇒ Object



# File 'lib/pundit.rb', line 141

# Lazily created per-instance hash; #policy uses it to cache policy objects
# keyed by record.
#
# @return [Hash] the same hash on every call for this instance
def policies
  return @_pundit_policies if @_pundit_policies

  @_pundit_policies = {}
end

#policy(record) ⇒ Object



# File 'lib/pundit.rb', line 132

# Returns the policy for +record+, building it once and caching it in the
# policies hash.
#
# The cache key is the record itself, so lookup follows the record's
# hash/eql?: two records that compare equal share one cached policy.
# pundit_user is read only when the entry is first built.
#
# @param record [Object] the object whose policy is wanted
# @return [Object] the cached or newly built policy instance
def policy(record)
  cache = policies
  cache[record] || (cache[record] = Pundit.policy!(pundit_user, record))
end

#policy_scope(scope) ⇒ Object



# File 'lib/pundit.rb', line 127

# Records that policy scoping happened, then returns +scope+ narrowed by
# pundit_policy_scope (defined outside this listing).
#
# The flag is written before the scope is resolved, so it stays set even if
# resolution raises.
#
# @param scope [Object] the collection or relation to narrow
# @return [Object] whatever pundit_policy_scope returns for +scope+
def policy_scope(scope)
  @_pundit_policy_scoped = true
  resolved_scope = pundit_policy_scope(scope)
  resolved_scope
end

#policy_scopes ⇒ Object



# File 'lib/pundit.rb', line 145

# Lazily created per-instance hash; presumably the cache behind
# pundit_policy_scope, which is not part of this listing -- confirm.
#
# @return [Hash] the same hash on every call for this instance
def policy_scopes
  return @_pundit_policy_scopes if @_pundit_policy_scopes

  @_pundit_policy_scopes = {}
end

#pundit_policy_authorized? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/pundit.rb', line 90

# Reports whether the authorization flag has been set on this instance.
#
# Both #authorize and #skip_authorization write this flag, so true means
# "one of them ran", not "a policy allowed the action".
#
# @return [Boolean] true when the flag is truthy, false otherwise
def pundit_policy_authorized?
  @_pundit_policy_authorized ? true : false
end

#pundit_policy_scoped? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/pundit.rb', line 94

# Reports whether the policy-scoping flag has been set on this instance.
#
# Both #policy_scope and #skip_policy_scope write this flag, so true means
# "one of them ran", not "the result set was narrowed".
#
# @return [Boolean] true when the flag is truthy, false otherwise
def pundit_policy_scoped?
  @_pundit_policy_scoped ? true : false
end

#pundit_user ⇒ Object



# File 'lib/pundit.rb', line 149

# Returns the actor that #policy hands to Pundit.policy!.
#
# Delegates to current_user, which is not defined in this listing and must
# be supplied by the including class.
# NOTE(review): if current_user can be nil for unauthenticated requests,
# policies receive nil as the user and need to deny by default -- confirm.
#
# @return [Object] whatever current_user returns
def pundit_user
  current_user
end

#skip_authorization ⇒ Object



# File 'lib/pundit.rb', line 119

# Sets the authorization flag without consulting any policy.
#
# This is the same flag #authorize writes, so #verify_authorized cannot
# tell a skipped check from a performed one; each call site is an explicit
# opt-out and is worth reviewing as such.
#
# @return [true]
def skip_authorization
  @_pundit_policy_authorized = true
end

#skip_policy_scope ⇒ Object



# File 'lib/pundit.rb', line 123

# Sets the policy-scoping flag without resolving any scope.
#
# This is the same flag #policy_scope writes, so #verify_policy_scoped
# cannot tell a skipped scope from an applied one; each call site is an
# explicit opt-out and is worth reviewing as such.
#
# @return [true]
def skip_policy_scope
  @_pundit_policy_scoped = true
end

#verify_authorized ⇒ Object



# File 'lib/pundit.rb', line 98

# Raises unless the authorization flag has been set on this instance.
#
# The flag is a single boolean, so this confirms only that #authorize or
# #skip_authorization ran at least once; it does not show that every record
# touched was checked.
#
# @return [nil] when the flag is set
# @raise [AuthorizationNotPerformedError] when the flag is not set
def verify_authorized
  return if pundit_policy_authorized?

  raise AuthorizationNotPerformedError
end

#verify_policy_scoped ⇒ Object



# File 'lib/pundit.rb', line 102

# Raises unless the policy-scoping flag has been set on this instance.
#
# The flag is a single boolean, so this confirms only that #policy_scope or
# #skip_policy_scope ran at least once; it does not show that every query was
# scoped.
#
# @return [nil] when the flag is set
# @raise [PolicyScopingNotPerformedError] when the flag is not set
def verify_policy_scoped
  return if pundit_policy_scoped?

  raise PolicyScopingNotPerformedError
end