Configure pundit and lock down activities.
Steve Polito committed Aug 16, 2020
1 parent 7a742af commit c9d8093f6ca20042c317a26181f64aeca84edc60
Showing 7 changed files with 98 additions and 0 deletions.
@@ -59,3 +59,5 @@ gem "devise", "~> 4.7"
gem "sendgrid-ruby", "~> 6.3"
gem "honeybadger", "~> 4.7"
gem 'devise-bootstrapped', github: 'king601/devise-bootstrapped', branch: 'bootstrap4'

gem "pundit", "~> 2.1"
@@ -124,6 +124,8 @@ GEM
public_suffix (4.0.5)
puma (4.3.5)
nio4r (~> 2.0)
pundit (2.1.0)
activesupport (>= 3.0.0)
rack (2.2.3)
rack-proxy (0.6.5)
rack
@@ -239,6 +241,7 @@ DEPENDENCIES
listen (~> 3.2)
pg (>= 0.18, < 2.0)
puma (~> 4.1)
pundit (~> 2.1)
rails (~> 6.0.3, >= 6.0.3.2)
sass-rails (>= 6)
selenium-webdriver
@@ -8,6 +8,7 @@ def index
end

def show
authorize @activity
end

def new
@@ -24,9 +25,11 @@ def create
end

def edit
authorize @activity
end

def update
authorize @activity
if @activity.update(activity_params)
redirect_to @activity, notice: "Updated Activity"
else
@@ -35,6 +38,7 @@ def update
end

def destroy
authorize @activity
@activity.destroy
redirect_to activities_path, notice: "Activity Deleted"
end
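Review bot: The `authorize @activity` added to `destroy` in the last hunk has no matching `destroy?` in ActivityPolicy (elsewhere in this commit), so it falls through to ApplicationPolicy's `destroy?`, which returns `false` — as written no user, the owner included, can delete an activity. If that is unintended, add `def destroy?; user == record.user; end` to ActivityPolicy; if it is intended, a one-line comment on `destroy` saying so would save the next reader a debugging session. The hunks only touch `show`, `edit`, `update` and `destroy`; whether `index`, `new` and `create` are guarded cannot be seen here, which is exactly the silent gap that `after_action :verify_authorized, except: :index` in ApplicationController would turn into an explicit error. The first and second hunks cut into the middle of `index` and `create`, so their full bodies are not visible.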
@@ -1,9 +1,18 @@
class ApplicationController < ActionController::Base
include Pundit
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized

before_action :set_time_zone, if: :current_user

private

def set_time_zone
Time.zone = current_user.time_zone unless current_user.time_zone.nil?
end


def user_not_authorized
flash[:alert] = "You are not authorized to perform this action."
redirect_to(request.referrer || root_path)
end
end
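Review bot: Nothing in this class makes authorization mandatory: `include Pundit` and the `rescue_from` only take effect in actions that remember to call `authorize`, so an action that omits it is silently open. Adding `after_action :verify_authorized, except: :index` (and `verify_policy_scoped` where `policy_scope` is used) makes a forgotten check raise in development and tests instead. In `user_not_authorized`, `request.referrer` is a client-supplied header, so the redirect target is not under the application's control; `redirect_back(fallback_location: root_path)` is the idiomatic Rails form, but on the Rails 6.0 pinned in Gemfile.lock it still follows the Referer to any host, so validate the host if that matters for this app. The two consecutive blank lines before `user_not_authorized` are a style nit.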
@@ -0,0 +1,13 @@
class ActivityPolicy < ApplicationPolicy
def show?
user == record.user
end

def edit?
user == record.user
end

def update?
user == record.user
end
end
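Review bot: No `destroy?` is defined here, so the `authorize @activity` this commit adds to `ActivitiesController#destroy` resolves to ApplicationPolicy's `false` and deletion is denied for everyone, owner included — add `def destroy?` with the same owner check unless that is intended. `edit?` merely repeats `update?` although ApplicationPolicy already defines `edit?` as `update?`, so that override can be dropped. The owner check `user == record.user` is also true when both sides are nil; if any of these actions can be reached without a signed-in user, `user.present? && user == record.user` closes that. Finally, the class defines no `Scope`, so `policy_scope(Activity)` would inherit `ApplicationPolicy::Scope#resolve` and return `scope.all`; given `show?` restricts to the owner, a `class Scope < ApplicationPolicy::Scope` resolving to `scope.where(user: user)` keeps listing consistent with viewing.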
@@ -0,0 +1,49 @@
class ApplicationPolicy
attr_reader :user, :record

def initialize(user, record)
@user = user
@record = record
end

def index?
false
end

def show?
false
end

def create?
false
end

def new?
create?
end

def update?
false
end

def edit?
update?
end

def destroy?
false
end

class Scope
attr_reader :user, :scope

def initialize(user, scope)
@user = user
@scope = scope
end

def resolve
scope.all
end
end
end
@@ -0,0 +1,18 @@
require 'test_helper'

class ActivityPolicyTest < ActiveSupport::TestCase
def test_scope
end

def test_show
end

def test_create
end

def test_update
end

def test_destroy
end
end
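Review bot: All five test methods have empty bodies, so they pass without exercising ActivityPolicy at all and give the policy a misleadingly green suite; `test_create` and `test_destroy` in particular name predicates the policy does not define. Either fill them in (e.g. `assert ActivityPolicy.new(owner, activity).show?` and `refute ActivityPolicy.new(other_user, activity).show?`) or mark each body with `skip "pending"` so the gap shows up in the test output rather than as a pass.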
