2012-11-04 04:20:45 -05:00
|
|
|
require "pundit/version"
|
2012-11-19 04:57:17 -05:00
|
|
|
require "pundit/policy_finder"
|
2012-11-19 07:02:42 -05:00
|
|
|
require "active_support/concern"
|
|
|
|
require "active_support/core_ext/string/inflections"
|
|
|
|
require "active_support/core_ext/object/blank"
|
2014-05-21 22:09:17 -04:00
|
|
|
require "active_support/core_ext/module/introspection"
|
2014-04-23 00:02:03 -04:00
|
|
|
require "active_support/dependencies/autoload"
|
2012-11-04 04:20:45 -05:00
|
|
|
|
|
|
|
module Pundit
|
2014-02-25 21:54:22 -05:00
|
|
|
class NotAuthorizedError < StandardError
|
|
|
|
attr_accessor :query, :record, :policy
|
|
|
|
end
|
2014-02-14 07:57:13 -05:00
|
|
|
class AuthorizationNotPerformedError < StandardError; end
|
2012-11-19 04:57:17 -05:00
|
|
|
class NotDefinedError < StandardError; end
|
|
|
|
|
|
|
|
extend ActiveSupport::Concern
|
|
|
|
|
|
|
|
class << self
|
2014-05-21 22:09:17 -04:00
|
|
|
def policy_scope(user, scope, namespace = Object)
|
|
|
|
policy_scope = PolicyFinder.new(scope, namespace).scope
|
2013-11-05 12:26:38 -05:00
|
|
|
policy_scope.new(user, scope).resolve if policy_scope
|
2012-11-19 04:57:17 -05:00
|
|
|
end
|
|
|
|
|
2014-05-21 22:09:17 -04:00
|
|
|
def policy_scope!(user, scope, namespace = Object)
|
|
|
|
PolicyFinder.new(scope, namespace).scope!.new(user, scope).resolve
|
2012-11-19 04:57:17 -05:00
|
|
|
end
|
|
|
|
|
2014-05-21 22:09:17 -04:00
|
|
|
def policy(user, record, namespace = Object)
|
|
|
|
policy = PolicyFinder.new(record, namespace).policy
|
2013-11-05 12:26:38 -05:00
|
|
|
policy.new(user, record) if policy
|
2012-11-19 04:57:17 -05:00
|
|
|
end
|
|
|
|
|
2014-05-21 22:09:17 -04:00
|
|
|
def policy!(user, record, namespace = Object)
|
|
|
|
PolicyFinder.new(record, namespace).policy!.new(user, record)
|
2012-11-19 04:57:17 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
included do
|
|
|
|
if respond_to?(:helper_method)
|
|
|
|
helper_method :policy_scope
|
|
|
|
helper_method :policy
|
2013-07-13 18:50:39 -04:00
|
|
|
helper_method :pundit_user
|
2012-11-19 04:57:17 -05:00
|
|
|
end
|
2013-03-28 12:26:24 -04:00
|
|
|
if respond_to?(:hide_action)
|
2014-03-09 15:01:53 -04:00
|
|
|
hide_action :policy_scope
|
|
|
|
hide_action :policy_scope=
|
|
|
|
hide_action :policy
|
|
|
|
hide_action :policy=
|
2013-03-28 12:26:24 -04:00
|
|
|
hide_action :authorize
|
|
|
|
hide_action :verify_authorized
|
2013-04-18 01:05:24 -04:00
|
|
|
hide_action :verify_policy_scoped
|
2013-07-13 18:50:39 -04:00
|
|
|
hide_action :pundit_user
|
2013-03-28 12:26:24 -04:00
|
|
|
end
|
2012-11-19 04:57:17 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def verify_authorized
|
2014-02-14 07:57:13 -05:00
|
|
|
raise AuthorizationNotPerformedError unless @_policy_authorized
|
2012-11-19 04:57:17 -05:00
|
|
|
end
|
|
|
|
|
2013-04-18 01:05:24 -04:00
|
|
|
def verify_policy_scoped
|
2014-02-14 07:57:13 -05:00
|
|
|
raise AuthorizationNotPerformedError unless @_policy_scoped
|
2013-04-18 01:05:24 -04:00
|
|
|
end
|
|
|
|
|
2012-11-19 04:57:17 -05:00
|
|
|
def authorize(record, query=nil)
|
|
|
|
query ||= params[:action].to_s + "?"
|
|
|
|
@_policy_authorized = true
|
2014-02-25 21:54:22 -05:00
|
|
|
|
|
|
|
policy = policy(record)
|
|
|
|
unless policy.public_send(query)
|
|
|
|
error = NotAuthorizedError.new("not allowed to #{query} this #{record}")
|
|
|
|
error.query, error.record, error.policy = query, record, policy
|
|
|
|
|
|
|
|
raise error
|
2012-11-19 04:57:17 -05:00
|
|
|
end
|
2014-02-25 21:54:22 -05:00
|
|
|
|
2012-11-19 07:02:42 -05:00
|
|
|
true
|
2012-11-19 04:57:17 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def policy_scope(scope)
|
2013-04-18 01:05:24 -04:00
|
|
|
@_policy_scoped = true
|
2014-05-21 22:09:17 -04:00
|
|
|
@policy_scope or Pundit.policy_scope!(pundit_user, scope, self.class.parent)
|
2012-11-19 04:57:17 -05:00
|
|
|
end
|
2013-08-11 20:38:50 -04:00
|
|
|
attr_writer :policy_scope
|
2012-11-19 04:57:17 -05:00
|
|
|
|
|
|
|
def policy(record)
|
2014-05-21 22:09:17 -04:00
|
|
|
@policy or Pundit.policy!(pundit_user, record, self.class.parent)
|
2013-07-12 23:42:34 -04:00
|
|
|
end
|
2013-08-11 20:38:50 -04:00
|
|
|
attr_writer :policy
|
2013-07-12 23:42:34 -04:00
|
|
|
|
|
|
|
def pundit_user
|
2013-07-13 10:24:13 -04:00
|
|
|
current_user
|
2012-11-19 04:57:17 -05:00
|
|
|
end
|
2012-11-04 04:20:45 -05:00
|
|
|
end
|