Module: PunditHelpers

Defined in:: lib/pundit_helpers.rb,
lib/pundit_helpers/version.rb

Constant Summary collapse

VERSION =

"0.0.2"

Class Method Summary collapse

.included(base) ⇒ Object

Instance Method Summary collapse

#authorized?(record, query = nil) ⇒ Boolean

Pundit’s core ‘#authorize` helper always raises an error, but also lets the controller know an authorization has been performed.
#can?(query, record) ⇒ Boolean

The current user permissions can be policy checked in views:.

Class Method Details

.included(base) ⇒ `Object`

# File 'lib/pundit_helpers.rb', line 4

def self.included(base)
  methods = [:authorized?, :can?]

  if base.respond_to?(:helper_method)
    methods.each { |m| base.helper_method(m) }
  end

  if respond_to?(:hide_action)
    methods.each { |m| base.hide_action(m) }
  end
end

Instance Method Details

#authorized?(record, query = nil) ⇒ `Boolean`

Pundit’s core ‘#authorize` helper always raises an error, but also lets the controller know an authorization has been performed. Sometimes it is preferrable to flag that an authorization check has been made, but return boolean rather than raise. So this uses an exception rescue for flow control, which is not optimal but fits nicely with the current API and doesn’t cause serious breakage

Parameters:

record (record) —
- the record to check
query (string or symbol) (defaults to: nil) —
- the policy action to check for

Returns:

(Boolean)

# File 'lib/pundit_helpers.rb', line 27

def authorized?(record, query=nil)
  begin
    authorize(record, query)
  rescue Pundit::NotAuthorizedError
    false
  end
end

#can?(query, record) ⇒ `Boolean`

The current user permissions can be policy checked in views:

<% if can? :edit, @lesson %>

<a href="/posts/42/edit">edit</a>

<% end %>