-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Allow policies to delegate to Pundit
- Loading branch information
1 parent
321568c
commit 50bde14
Showing
12 changed files
with
276 additions
and
59 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,15 +1,13 @@ | ||
# frozen_string_literal: true | ||
|
||
require 'pundit' | ||
|
||
require 'pragma/policy/version' | ||
require 'pragma/policy/scope' | ||
require 'pragma/policy/base' | ||
require 'pragma/policy/pundit' | ||
require 'pragma/policy/errors' | ||
|
||
module Pragma | ||
# Fine-grained access control for your API resources. | ||
# | ||
# @author Alessandro Desantis | ||
module Policy | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
# frozen_string_literal: true | ||
|
||
module Pragma | ||
module Policy | ||
# Provides a simple way for Pragma policies to delegate to Pundit policies/scopes. | ||
# | ||
# @example | ||
# class API::V1::Article::Policy < Pragma::Policy::Pundit | ||
# # The default would be ArticlePolicy. | ||
# self.pundit_klass = CustomArticlePolicy | ||
# end | ||
class Pundit < Base | ||
class << self | ||
def pundit_klass=(klass) | ||
@pundit_klass = klass | ||
end | ||
|
||
def pundit_klass | ||
@pundit_klass ||= Object.const_get("#{self.class.name.split('::')[-2]}Policy") | ||
end | ||
|
||
def inherited(base) | ||
base.class_eval <<~RUBY | ||
class Scope < Pragma::Policy::Scope | ||
def initialize(user, scope) | ||
super | ||
@pundit_scope = pundit_scope_klass.new(user, scope) | ||
end | ||
def resolve | ||
@pundit_scope.resolve | ||
end | ||
private | ||
def pundit_scope_klass | ||
policy_klass.pundit_klass.const_get('Scope') | ||
end | ||
end | ||
RUBY | ||
end | ||
end | ||
|
||
def initialize(user, record) | ||
super | ||
@pundit_policy = self.class.pundit_klass.new(user, record) | ||
end | ||
|
||
def respond_to_missing?(method_name, include_private = false) | ||
super || @pundit_policy.respond_to?("#{method_name[0..-2]}?", include_private) | ||
end | ||
|
||
def method_missing(method_name, *args, &block) | ||
return super unless @pundit_policy.respond_to?(method_name) | ||
@pundit_policy.send(method_name, *args, &block) | ||
end | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
module Pragma | ||
module Policy | ||
# Authorizes AR scopes and other relations by only returning the records accessible by the | ||
# current user. Used, for instance, in index operations. | ||
class Scope | ||
# @!attribute [r] user | ||
# @return [Object] the user accessing the records | ||
# | ||
# @!attribute [r] scope | ||
# @return [Object] the relation to use as a base | ||
attr_reader :user, :scope | ||
|
||
# Initializes the scope. | ||
# | ||
# @param user [Object] the user accessing the records | ||
# @param scope [Object] the relation to use as a base | ||
def initialize(user, scope) | ||
@user = user | ||
@scope = scope | ||
end | ||
|
||
# Returns the records accessible by the given user. | ||
# | ||
# @return [Object] | ||
# | ||
# @abstract Override to implement retrieving the accessible records | ||
def resolve | ||
fail NotImplementedError | ||
end | ||
|
||
private | ||
|
||
def policy_klass | ||
Object.const_get(self.class.name.split('::')[0..-2].join('::')) | ||
end | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.