varvet--pundit/lib/pundit.rb

require "pundit/version"
require "pundit/policy_finder"
require "active_support/concern"
require "active_support/core_ext/string/inflections"
require "active_support/core_ext/object/blank"

module Pundit
  class NotAuthorizedError < StandardError; end
  class NotDefinedError < StandardError; end

  extend ActiveSupport::Concern

  class << self
    def policy_scope(user, scope)
      policy_scope = PolicyFinder.new(scope).scope
      policy_scope.new(user, scope).resolve if policy_scope
    end

    def policy_scope!(user, scope)
      PolicyFinder.new(scope).scope!.new(user, scope).resolve
    end

    def policy(user, record)
      policy = PolicyFinder.new(record).policy
      policy.new(user, record) if policy
    end

    def policy!(user, record)
      PolicyFinder.new(record).policy!.new(user, record)
    end
  end

  included do
    if respond_to?(:helper_method)
      helper_method :policy_scope
      helper_method :policy
      helper_method :pundit_user
    end
    if respond_to?(:hide_action)
      hide_action :authorize
      hide_action :verify_authorized
      hide_action :verify_policy_scoped
      hide_action :pundit_user
    end
  end

  def verify_authorized
    raise NotAuthorizedError unless @_policy_authorized
  end

  def verify_policy_scoped
    raise NotAuthorizedError unless @_policy_scoped
  end

  def authorize(record, query=nil)
    query ||= params[:action].to_s + "?"
    @_policy_authorized = true
    unless policy(record).public_send(query)
      raise NotAuthorizedError, "not allowed to #{query} this #{record}"
    end
    true
  end

  def policy_scope(scope)
    @_policy_scoped = true
    @policy_scope or Pundit.policy_scope!(pundit_user, scope)
  end
  attr_writer :policy_scope

  def policy(record)
    @policy or Pundit.policy!(pundit_user, record)
  end
  attr_writer :policy

  def pundit_user
    current_user
  end
end
initial 2012-11-04 10:20:45 +01:00			`require "pundit/version"`
Extract the actual code 2012-11-19 10:57:17 +01:00			`require "pundit/policy_finder"`
Add specs and dependencies 2012-11-19 13:02:42 +01:00			`require "active_support/concern"`
			`require "active_support/core_ext/string/inflections"`
			`require "active_support/core_ext/object/blank"`
initial 2012-11-04 10:20:45 +01:00
			`module Pundit`
Extract the actual code 2012-11-19 10:57:17 +01:00			`class NotAuthorizedError < StandardError; end`
			`class NotDefinedError < StandardError; end`

			`extend ActiveSupport::Concern`

			`class << self`
			`def policy_scope(user, scope)`
Clarify meaning of a few variables 2013-11-05 18:26:38 +01:00			`policy_scope = PolicyFinder.new(scope).scope`
			`policy_scope.new(user, scope).resolve if policy_scope`
Extract the actual code 2012-11-19 10:57:17 +01:00			`end`

			`def policy_scope!(user, scope)`
			`PolicyFinder.new(scope).scope!.new(user, scope).resolve`
			`end`

			`def policy(user, record)`
Clarify meaning of a few variables 2013-11-05 18:26:38 +01:00			`policy = PolicyFinder.new(record).policy`
			`policy.new(user, record) if policy`
Extract the actual code 2012-11-19 10:57:17 +01:00			`end`

			`def policy!(user, record)`
			`PolicyFinder.new(record).policy!.new(user, record)`
			`end`
			`end`

			`included do`
			`if respond_to?(:helper_method)`
			`helper_method :policy_scope`
			`helper_method :policy`
pundit_user should be a helper and hidden as an action 2013-07-14 00:50:39 +02:00			`helper_method :pundit_user`
Extract the actual code 2012-11-19 10:57:17 +01:00			`end`
Hide authorize and verify_authorized, closes #23 2013-03-28 17:26:24 +01:00			`if respond_to?(:hide_action)`
			`hide_action :authorize`
			`hide_action :verify_authorized`
Add #verify_policy_scoped for controller usage. See the readme changes for an example. In short, this behaves like verify_authorized but is useful for actions that find a collection (like index) and don't authorize instances. 2013-04-17 22:05:24 -07:00			`hide_action :verify_policy_scoped`
pundit_user should be a helper and hidden as an action 2013-07-14 00:50:39 +02:00			`hide_action :pundit_user`
Hide authorize and verify_authorized, closes #23 2013-03-28 17:26:24 +01:00			`end`
Extract the actual code 2012-11-19 10:57:17 +01:00			`end`

			`def verify_authorized`
			`raise NotAuthorizedError unless @_policy_authorized`
			`end`

Add #verify_policy_scoped for controller usage. See the readme changes for an example. In short, this behaves like verify_authorized but is useful for actions that find a collection (like index) and don't authorize instances. 2013-04-17 22:05:24 -07:00			`def verify_policy_scoped`
			`raise NotAuthorizedError unless @_policy_scoped`
			`end`

Extract the actual code 2012-11-19 10:57:17 +01:00			`def authorize(record, query=nil)`
			`query \|\|= params[:action].to_s + "?"`
			`@_policy_authorized = true`
			`unless policy(record).public_send(query)`
			`raise NotAuthorizedError, "not allowed to #{query} this #{record}"`
			`end`
Add specs and dependencies 2012-11-19 13:02:42 +01:00			`true`
Extract the actual code 2012-11-19 10:57:17 +01:00			`end`

			`def policy_scope(scope)`
Add #verify_policy_scoped for controller usage. See the readme changes for an example. In short, this behaves like verify_authorized but is useful for actions that find a collection (like index) and don't authorize instances. 2013-04-17 22:05:24 -07:00			`@_policy_scoped = true`
Allow policies and scopes to be injected into controllers. In controller specs instead of relying on Pundit to instantiate the correct policy object allow it to be injected into the controller. More often than not a double is used in controller specs which means the policy cannot be inferred. This also allows us to double the policy to ensure that on a unit level the rights methods are being called on callaborators. class PostsController < ApplicationController attr_writer :post helper_method :post def create authorize post post.save respond_with post end private def post @post \|\|= Post.new post_attributes end end describe PagesController do let(:policy) { double 'SomePolicy', create?: true } before do controller.policy = policy end it 'delegates authorization to policy' do expect(policy).to have_received(:create?) end end Add spec for injecting policy. Use `or` instead of ternary operator. Allow policy_scope to be injected for controller tests. 2013-08-12 10:38:50 +10:00			`@policy_scope or Pundit.policy_scope!(pundit_user, scope)`
Extract the actual code 2012-11-19 10:57:17 +01:00			`end`
Allow policies and scopes to be injected into controllers. In controller specs instead of relying on Pundit to instantiate the correct policy object allow it to be injected into the controller. More often than not a double is used in controller specs which means the policy cannot be inferred. This also allows us to double the policy to ensure that on a unit level the rights methods are being called on callaborators. class PostsController < ApplicationController attr_writer :post helper_method :post def create authorize post post.save respond_with post end private def post @post \|\|= Post.new post_attributes end end describe PagesController do let(:policy) { double 'SomePolicy', create?: true } before do controller.policy = policy end it 'delegates authorization to policy' do expect(policy).to have_received(:create?) end end Add spec for injecting policy. Use `or` instead of ternary operator. Allow policy_scope to be injected for controller tests. 2013-08-12 10:38:50 +10:00			`attr_writer :policy_scope`
Extract the actual code 2012-11-19 10:57:17 +01:00
			`def policy(record)`
Allow policies and scopes to be injected into controllers. In controller specs instead of relying on Pundit to instantiate the correct policy object allow it to be injected into the controller. More often than not a double is used in controller specs which means the policy cannot be inferred. This also allows us to double the policy to ensure that on a unit level the rights methods are being called on callaborators. class PostsController < ApplicationController attr_writer :post helper_method :post def create authorize post post.save respond_with post end private def post @post \|\|= Post.new post_attributes end end describe PagesController do let(:policy) { double 'SomePolicy', create?: true } before do controller.policy = policy end it 'delegates authorization to policy' do expect(policy).to have_received(:create?) end end Add spec for injecting policy. Use `or` instead of ternary operator. Allow policy_scope to be injected for controller tests. 2013-08-12 10:38:50 +10:00			`@policy or Pundit.policy!(pundit_user, record)`
Custom pundit user 2013-07-13 05:42:34 +02:00			`end`
Allow policies and scopes to be injected into controllers. In controller specs instead of relying on Pundit to instantiate the correct policy object allow it to be injected into the controller. More often than not a double is used in controller specs which means the policy cannot be inferred. This also allows us to double the policy to ensure that on a unit level the rights methods are being called on callaborators. class PostsController < ApplicationController attr_writer :post helper_method :post def create authorize post post.save respond_with post end private def post @post \|\|= Post.new post_attributes end end describe PagesController do let(:policy) { double 'SomePolicy', create?: true } before do controller.policy = policy end it 'delegates authorization to policy' do expect(policy).to have_received(:create?) end end Add spec for injecting policy. Use `or` instead of ternary operator. Allow policy_scope to be injected for controller tests. 2013-08-12 10:38:50 +10:00			`attr_writer :policy`
Custom pundit user 2013-07-13 05:42:34 +02:00
			`def pundit_user`
Let pundit_user raise a name error if current_user is not present. 2013-07-13 16:24:13 +02:00			`current_user`
Extract the actual code 2012-11-19 10:57:17 +01:00			`end`
initial 2012-11-04 10:20:45 +01:00			`end`