Module: PunditOverwrite

Included in:: Pundit

Defined in:: lib/pundit_roles/pundit.rb

Overview

Contains the overwritten #authorize method

Instance Method Summary collapse

#authorize(resource, query = nil) ⇒ Object, Hash

Overwrite for Pundit’s default authorization, to be able to use PunditRoles.

Instance Method Details

#authorize(resource, query = nil) ⇒ `Object`, `Hash`

Overwrite for Pundit’s default authorization, to be able to use PunditRoles. Does not conflict with existing Pundit implementations

Parameters:

resource (Object) —

the object we’re checking permissions of
query (Symbol, String) (defaults to: nil) —

the predicate method to check on the policy (e.g. ‘:show?`). If omitted then this defaults to the Rails controller action name.

Returns:

(Object, Hash) —

Returns the permissions hash or the record

Raises:

(NotAuthorizedError) —

if the given query method returned false

# File 'lib/pundit_roles/pundit.rb', line 12

def authorize(resource, query = nil)
  query ||= params[:action].to_s + '?'

  @_pundit_policy_authorized = true

  policy = policy(resource)

  permitted_records = policy.resolve_query(query)

  unless permitted_records
    raise Pundit::NotAuthorizedError, query: query, record: resource, policy: policy
  end

  if permitted_records.is_a? TrueClass
    return resource
  end

  return permitted_records
end

Module: PunditOverwrite

Overview

Instance Method Summary collapse

Instance Method Details

#authorize(resource, query = nil) ⇒ Object, Hash

#authorize(resource, query = nil) ⇒ `Object`, `Hash`