Module: Pundit

Extended by:

ActiveSupport::Concern

Defined in:

lib/pundit.rb,
lib/pundit/rspec.rb,
lib/pundit/version.rb,
lib/pundit/policy_finder.rb,
lib/generators/pundit/policy/policy_generator.rb,
lib/generators/pundit/install/install_generator.rb

Defined Under Namespace

Classes: AuthorizationNotPerformedError, InvalidConstructorError, NotAuthorizedError, NotDefinedError, PolicyFinder, PolicyScopingNotPerformedError

Constant Summary

SUFFIX =

"Policy".freeze

Class Method Summary

• .authorize(user, record, query, policy_class: nil) ⇒ Object

  Retrieves the policy for the given record, initializing it with the record and user and finally throwing an error if the user is not authorized to perform the given action.

• .policy(user, record) ⇒ Object^?

  Retrieves the policy for the given record.

• .policy!(user, record) ⇒ Object

  Retrieves the policy for the given record.

• .policy_scope(user, scope) ⇒ Scope{#resolve}^?

  Retrieves the policy scope for the given record.

• .policy_scope!(user, scope) ⇒ Scope{#resolve}

  Retrieves the policy scope for the given record.

Class Method Details

.authorize(user, record, query, policy_class: nil) ⇒ Object

Retrieves the policy for the given record, initializing it with the record and user and finally throwing an error if the user is not authorized to perform the given action.

Parameters:

• user (Object) —

  the user that initiated the action

• record (Object) —

  the object we're checking permissions of

• query (Symbol, String) —

  the predicate method to check on the policy (e.g. :show?)

• policy_class (Class) (defaults to: nil) —

  the policy class we want to force use of

Returns:

• (Object) —

  Always returns the passed object record

Raises:

• (NotAuthorizedError) —

  if the given query method returned false

# File 'lib/pundit.rb', line 69

def authorize(user, record, query, policy_class: nil)
  policy = policy_class ? policy_class.new(user, record) : policy!(user, record)

  raise NotAuthorizedError, query: query, record: record, policy: policy unless policy.public_send(query)

  record
end

.policy(user, record) ⇒ Object^?

Retrieves the policy for the given record.

Parameters:

• user (Object) —

  the user that initiated the action

• record (Object) —

  the object we're retrieving the policy for

Returns:

• (Object, nil) —

  instance of policy class with query methods

Raises:

• (InvalidConstructorError) —

  if the policy constructor called incorrectly

See Also:

• https://github.com/varvet/pundit#policies

# File 'lib/pundit.rb', line 125

def policy(user, record)
  policy = PolicyFinder.new(record).policy
  policy.new(user, pundit_model(record)) if policy
rescue ArgumentError
  raise InvalidConstructorError, "Invalid #<#{policy}> constructor is called"
end

.policy!(user, record) ⇒ Object

Retrieves the policy for the given record.

Parameters:

• user (Object) —

  the user that initiated the action

• record (Object) —

  the object we're retrieving the policy for

Returns:

• (Object) —

  instance of policy class with query methods

Raises:

• (NotDefinedError) —

  if the policy cannot be found

• (InvalidConstructorError) —

  if the policy constructor called incorrectly

See Also:

• https://github.com/varvet/pundit#policies

# File 'lib/pundit.rb', line 140

def policy!(user, record)
  policy = PolicyFinder.new(record).policy!
  policy.new(user, pundit_model(record))
rescue ArgumentError
  raise InvalidConstructorError, "Invalid #<#{policy}> constructor is called"
end

.policy_scope(user, scope) ⇒ Scope{#resolve}^?

Retrieves the policy scope for the given record.

Parameters:

• user (Object) —

  the user that initiated the action

• scope (Object) —

  the object we're retrieving the policy scope for

Returns:

• (Scope{#resolve}, nil) —

  instance of scope class which can resolve to a scope

Raises:

• (InvalidConstructorError) —

  if the policy constructor called incorrectly

See Also:

• https://github.com/varvet/pundit#scopes

# File 'lib/pundit.rb', line 84

def policy_scope(user, scope)
  policy_scope_class = PolicyFinder.new(scope).scope
  return unless policy_scope_class

  begin
    policy_scope = policy_scope_class.new(user, pundit_model(scope))
  rescue ArgumentError
    raise InvalidConstructorError, "Invalid #<#{policy_scope_class}> constructor is called"
  end

  policy_scope.resolve
end

.policy_scope!(user, scope) ⇒ Scope{#resolve}

Retrieves the policy scope for the given record.

Parameters:

• user (Object) —

  the user that initiated the action

• scope (Object) —

  the object we're retrieving the policy scope for

Returns:

• (Scope{#resolve}) —

  instance of scope class which can resolve to a scope

Raises:

• (NotDefinedError) —

  if the policy scope cannot be found

• (InvalidConstructorError) —

  if the policy constructor called incorrectly

See Also:

• https://github.com/varvet/pundit#scopes

# File 'lib/pundit.rb', line 105

def policy_scope!(user, scope)
  policy_scope_class = PolicyFinder.new(scope).scope!
  return unless policy_scope_class

  begin
    policy_scope = policy_scope_class.new(user, pundit_model(scope))
  rescue ArgumentError
    raise InvalidConstructorError, "Invalid #<#{policy_scope_class}> constructor is called"
  end

  policy_scope.resolve
end