Class: Policy::Base

Inherits:
Object
  • Object
Extended by:
Role
Includes:
PolicyDefaults
Defined in:
lib/pundit_roles/policy/base.rb

Overview

Base policy class to be extended by all other policies. It authorizes users based on the roles they fall into and returns a uniquely merged hash of the permitted attributes and associations of each role the @user has.

Defined Under Namespace

Classes: Scope

Constant Summary

Constants included from PolicyDefaults

PolicyDefaults::RESTRICTED_CREATE_ASSOCIATIONS, PolicyDefaults::RESTRICTED_CREATE_ATTRIBUTES, PolicyDefaults::RESTRICTED_SAVE_ASSOCIATIONS, PolicyDefaults::RESTRICTED_SAVE_ATTRIBUTES, PolicyDefaults::RESTRICTED_SHOW_ASSOCIATIONS, PolicyDefaults::RESTRICTED_SHOW_ATTRIBUTES, PolicyDefaults::RESTRICTED_UPDATE_ASSOCIATIONS, PolicyDefaults::RESTRICTED_UPDATE_ATTRIBUTES

Instance Attribute Summary

Attributes included from Role

#permissions_hash

Instance Method Summary

Methods included from Role

role

Methods included from PolicyDefaults

#create?, #destroy?, #index?, #show?, #update?

Constructor Details

#initialize(user, resource) ⇒ Base

Returns a new instance of Base.

# File 'lib/pundit_roles/policy/base.rb', line 17

def initialize(user, resource)
  @user = user
  @resource = resource
end

Instance Attribute Details

#record ⇒ Object (readonly)

the object we’re checking permissions of

Returns:

  • (Object)

    the current value of record

# File 'lib/pundit_roles/policy/base.rb', line 12

def record
  @record
end

#resource ⇒ Object (readonly)

Returns the value of attribute resource.

# File 'lib/pundit_roles/policy/base.rb', line 16

def resource
  @resource
end

#user ⇒ Object (readonly)

the user that initiated the action

Returns:

  • (Object)

    the current value of user

# File 'lib/pundit_roles/policy/base.rb', line 12

def user
  @user
end

Instance Method Details

#resolve_query(query) ⇒ Object

Retrieves the permitted roles for the current query, checks whether the user has one or more of these roles, and returns a hash of the attributes and associations that the user has access to.

Parameters:

  • query (Symbol, String)

    the predicate method to check on the policy (e.g. :show?)

# File 'lib/pundit_roles/policy/base.rb', line 26

def resolve_query(query)
  permitted_roles = public_send(query)
  if permitted_roles.is_a? TrueClass or permitted_roles.is_a? FalseClass
    return permitted_roles
  end

  permissions_hash = self.class.permissions_hash

  # Always checks if user is a guest, and return the appropriate permission if true
  # the guest role cannot be merged with other roles
  if guest?
    return handle_guest_user(permitted_roles, permissions_hash)
  end
  current_roles = determine_current_roles(permitted_roles, permissions_hash)

  unless current_roles.present?
    return false
  end

  if current_roles.length == 1
    return current_roles.values[0].merge({roles: [current_roles.keys[0]]})
  end

  return unique_merge(current_roles)
end
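
The decision order of resolve_query, as an added stand-alone sketch that is not code from pundit_roles. The PERMISSIONS table shape, the helper names resolve_sketch and unique_merge_sketch, and the guest behaviour (the body of handle_guest_user is not shown on this page) are assumptions made for illustration.

```ruby
# Added illustration, not pundit_roles source. The table shape and the
# *_sketch helper names are assumptions made for this example.
# Constructed sample data: what each role may see on a :show? query.
PERMISSIONS = {
  guest:   { attributes: [:id, :name],                      associations: [] },
  regular: { attributes: [:id, :name, :email],              associations: [:posts] },
  admin:   { attributes: [:id, :name, :email, :last_login], associations: [:posts, :audits] }
}.freeze

# Union the grants of every matched role, dropping duplicates.
def unique_merge_sketch(current_roles)
  merged = { attributes: [], associations: [], roles: [] }
  current_roles.each do |role, grants|
    merged[:attributes]   |= grants[:attributes]
    merged[:associations] |= grants[:associations]
    merged[:roles] << role
  end
  merged
end

# permitted_roles: what the policy predicate returned (true/false or role names).
# user_roles: roles the signed-in user satisfies; guest: no signed-in user.
def resolve_sketch(permitted_roles, user_roles, guest: false)
  # A plain boolean from the predicate is passed through untouched.
  return permitted_roles if [true, false].include?(permitted_roles)

  # Guest is exclusive: it is either granted alone or denied (assumed behaviour
  # of handle_guest_user, whose body is not shown on this page).
  if guest
    return false unless permitted_roles.include?(:guest)
    return PERMISSIONS[:guest].merge(roles: [:guest])
  end

  current = PERMISSIONS.select do |role, _|
    permitted_roles.include?(role) && user_roles.include?(role)
  end
  return false if current.empty?                       # deny by default
  return current.values[0].merge(roles: current.keys) if current.length == 1

  unique_merge_sketch(current)
end
```

Because the multi-role result is a union, a user who matches several permitted roles receives the grants of the broadest one, so each role listed in a predicate should be reviewed with that in mind.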