varvet--pundit/lib/pundit.rb

require "pundit/version"
require "pundit/policy_finder"
require "active_support/concern"
require "active_support/core_ext/string/inflections"
require "active_support/core_ext/object/blank"
require "active_support/dependencies/autoload"

module Pundit
  class NotAuthorizedError < StandardError
    attr_accessor :query, :record, :policy
  end
  class AuthorizationNotPerformedError < StandardError; end
  class NotDefinedError < StandardError; end

  extend ActiveSupport::Concern

  class << self
    def policy_scope(user, scope)
      policy_scope = PolicyFinder.new(scope).scope
      policy_scope.new(user, scope).resolve if policy_scope
    end

    def policy_scope!(user, scope)
      PolicyFinder.new(scope).scope!.new(user, scope).resolve
    end

    def policy(user, record)
      policy = PolicyFinder.new(record).policy
      policy.new(user, record) if policy
    end

    def policy!(user, record)
      PolicyFinder.new(record).policy!.new(user, record)
    end
  end

  included do
    if respond_to?(:helper_method)
      helper_method :policy_scope
      helper_method :policy
      helper_method :pundit_user
    end
    if respond_to?(:hide_action)
      hide_action :policy_scope
      hide_action :policy_scope=
      hide_action :policy
      hide_action :policy=
      hide_action :authorize
      hide_action :verify_authorized
      hide_action :verify_policy_scoped
      hide_action :pundit_user
    end
  end

  def verify_authorized
    raise AuthorizationNotPerformedError unless @_policy_authorized
  end

  def verify_policy_scoped
    raise AuthorizationNotPerformedError unless @_policy_scoped
  end

  def authorize(record, query=nil)
    query ||= params[:action].to_s + "?"
    @_policy_authorized = true

    policy = policy(record)
    unless policy.public_send(query)
      error = NotAuthorizedError.new("not allowed to #{query} this #{record}")
      error.query, error.record, error.policy = query, record, policy

      raise error
    end

    true
  end

  def policy_scope(scope)
    @_policy_scoped = true
    @policy_scope or Pundit.policy_scope!(pundit_user, scope)
  end
  attr_writer :policy_scope

  def policy(record)
    @policy or Pundit.policy!(pundit_user, record)
  end
  attr_writer :policy

  def pundit_user
    current_user
  end
end
initial 2012-11-04 04:20:45 -05:00			`require "pundit/version"`
Extract the actual code 2012-11-19 04:57:17 -05:00			`require "pundit/policy_finder"`
Add specs and dependencies 2012-11-19 07:02:42 -05:00			`require "active_support/concern"`
			`require "active_support/core_ext/string/inflections"`
			`require "active_support/core_ext/object/blank"`
Add autoload require for jruby. 2014-04-23 00:02:03 -04:00			`require "active_support/dependencies/autoload"`
initial 2012-11-04 04:20:45 -05:00
			`module Pundit`
Add #query, #record, and #policy properties to Pundit::NotAuthorizedError. Exceptions raised by #authorize now provide the query (e.g. 'create?') and record (e.g. an instance of 'Post') that caused the exception to be raised, as well as the relevant policy (e.g. an instance of 'PostPolicy'). NotAuthorizedError is modified to continue to inherit from StandardError, but now also has attr_accessor values for :query, :record, and :policy. 2014-02-25 21:54:22 -05:00			`class NotAuthorizedError < StandardError`
			`attr_accessor :query, :record, :policy`
			`end`
Raise a different error when authorization is not performed closes #108 2014-02-14 07:57:13 -05:00			`class AuthorizationNotPerformedError < StandardError; end`
Extract the actual code 2012-11-19 04:57:17 -05:00			`class NotDefinedError < StandardError; end`

			`extend ActiveSupport::Concern`

			`class << self`
			`def policy_scope(user, scope)`
Clarify meaning of a few variables 2013-11-05 12:26:38 -05:00			`policy_scope = PolicyFinder.new(scope).scope`
			`policy_scope.new(user, scope).resolve if policy_scope`
Extract the actual code 2012-11-19 04:57:17 -05:00			`end`

			`def policy_scope!(user, scope)`
			`PolicyFinder.new(scope).scope!.new(user, scope).resolve`
			`end`

			`def policy(user, record)`
Clarify meaning of a few variables 2013-11-05 12:26:38 -05:00			`policy = PolicyFinder.new(record).policy`
			`policy.new(user, record) if policy`
Extract the actual code 2012-11-19 04:57:17 -05:00			`end`

			`def policy!(user, record)`
			`PolicyFinder.new(record).policy!.new(user, record)`
			`end`
			`end`

			`included do`
			`if respond_to?(:helper_method)`
			`helper_method :policy_scope`
			`helper_method :policy`
pundit_user should be a helper and hidden as an action 2013-07-13 18:50:39 -04:00			`helper_method :pundit_user`
Extract the actual code 2012-11-19 04:57:17 -05:00			`end`
Hide authorize and verify_authorized, closes #23 2013-03-28 12:26:24 -04:00			`if respond_to?(:hide_action)`
hide unused actions 2014-03-09 15:01:53 -04:00			`hide_action :policy_scope`
			`hide_action :policy_scope=`
			`hide_action :policy`
			`hide_action :policy=`
Hide authorize and verify_authorized, closes #23 2013-03-28 12:26:24 -04:00			`hide_action :authorize`
			`hide_action :verify_authorized`
Add #verify_policy_scoped for controller usage. See the readme changes for an example. In short, this behaves like verify_authorized but is useful for actions that find a collection (like index) and don't authorize instances. 2013-04-18 01:05:24 -04:00			`hide_action :verify_policy_scoped`
pundit_user should be a helper and hidden as an action 2013-07-13 18:50:39 -04:00			`hide_action :pundit_user`
Hide authorize and verify_authorized, closes #23 2013-03-28 12:26:24 -04:00			`end`
Extract the actual code 2012-11-19 04:57:17 -05:00			`end`

			`def verify_authorized`
Raise a different error when authorization is not performed closes #108 2014-02-14 07:57:13 -05:00			`raise AuthorizationNotPerformedError unless @_policy_authorized`
Extract the actual code 2012-11-19 04:57:17 -05:00			`end`

Add #verify_policy_scoped for controller usage. See the readme changes for an example. In short, this behaves like verify_authorized but is useful for actions that find a collection (like index) and don't authorize instances. 2013-04-18 01:05:24 -04:00			`def verify_policy_scoped`
Raise a different error when authorization is not performed closes #108 2014-02-14 07:57:13 -05:00			`raise AuthorizationNotPerformedError unless @_policy_scoped`
Add #verify_policy_scoped for controller usage. See the readme changes for an example. In short, this behaves like verify_authorized but is useful for actions that find a collection (like index) and don't authorize instances. 2013-04-18 01:05:24 -04:00			`end`

Extract the actual code 2012-11-19 04:57:17 -05:00			`def authorize(record, query=nil)`
			`query \|\|= params[:action].to_s + "?"`
			`@_policy_authorized = true`
Add #query, #record, and #policy properties to Pundit::NotAuthorizedError. Exceptions raised by #authorize now provide the query (e.g. 'create?') and record (e.g. an instance of 'Post') that caused the exception to be raised, as well as the relevant policy (e.g. an instance of 'PostPolicy'). NotAuthorizedError is modified to continue to inherit from StandardError, but now also has attr_accessor values for :query, :record, and :policy. 2014-02-25 21:54:22 -05:00
			`policy = policy(record)`
			`unless policy.public_send(query)`
			`error = NotAuthorizedError.new("not allowed to #{query} this #{record}")`
			`error.query, error.record, error.policy = query, record, policy`

			`raise error`
Extract the actual code 2012-11-19 04:57:17 -05:00			`end`
Add #query, #record, and #policy properties to Pundit::NotAuthorizedError. Exceptions raised by #authorize now provide the query (e.g. 'create?') and record (e.g. an instance of 'Post') that caused the exception to be raised, as well as the relevant policy (e.g. an instance of 'PostPolicy'). NotAuthorizedError is modified to continue to inherit from StandardError, but now also has attr_accessor values for :query, :record, and :policy. 2014-02-25 21:54:22 -05:00
Add specs and dependencies 2012-11-19 07:02:42 -05:00			`true`
Extract the actual code 2012-11-19 04:57:17 -05:00			`end`

			`def policy_scope(scope)`
Add #verify_policy_scoped for controller usage. See the readme changes for an example. In short, this behaves like verify_authorized but is useful for actions that find a collection (like index) and don't authorize instances. 2013-04-18 01:05:24 -04:00			`@_policy_scoped = true`
Allow policies and scopes to be injected into controllers. In controller specs instead of relying on Pundit to instantiate the correct policy object allow it to be injected into the controller. More often than not a double is used in controller specs which means the policy cannot be inferred. This also allows us to double the policy to ensure that on a unit level the rights methods are being called on callaborators. class PostsController < ApplicationController attr_writer :post helper_method :post def create authorize post post.save respond_with post end private def post @post \|\|= Post.new post_attributes end end describe PagesController do let(:policy) { double 'SomePolicy', create?: true } before do controller.policy = policy end it 'delegates authorization to policy' do expect(policy).to have_received(:create?) end end Add spec for injecting policy. Use `or` instead of ternary operator. Allow policy_scope to be injected for controller tests. 2013-08-11 20:38:50 -04:00			`@policy_scope or Pundit.policy_scope!(pundit_user, scope)`
Extract the actual code 2012-11-19 04:57:17 -05:00			`end`
Allow policies and scopes to be injected into controllers. In controller specs instead of relying on Pundit to instantiate the correct policy object allow it to be injected into the controller. More often than not a double is used in controller specs which means the policy cannot be inferred. This also allows us to double the policy to ensure that on a unit level the rights methods are being called on callaborators. class PostsController < ApplicationController attr_writer :post helper_method :post def create authorize post post.save respond_with post end private def post @post \|\|= Post.new post_attributes end end describe PagesController do let(:policy) { double 'SomePolicy', create?: true } before do controller.policy = policy end it 'delegates authorization to policy' do expect(policy).to have_received(:create?) end end Add spec for injecting policy. Use `or` instead of ternary operator. Allow policy_scope to be injected for controller tests. 2013-08-11 20:38:50 -04:00			`attr_writer :policy_scope`
Extract the actual code 2012-11-19 04:57:17 -05:00
			`def policy(record)`
Allow policies and scopes to be injected into controllers. In controller specs instead of relying on Pundit to instantiate the correct policy object allow it to be injected into the controller. More often than not a double is used in controller specs which means the policy cannot be inferred. This also allows us to double the policy to ensure that on a unit level the rights methods are being called on callaborators. class PostsController < ApplicationController attr_writer :post helper_method :post def create authorize post post.save respond_with post end private def post @post \|\|= Post.new post_attributes end end describe PagesController do let(:policy) { double 'SomePolicy', create?: true } before do controller.policy = policy end it 'delegates authorization to policy' do expect(policy).to have_received(:create?) end end Add spec for injecting policy. Use `or` instead of ternary operator. Allow policy_scope to be injected for controller tests. 2013-08-11 20:38:50 -04:00			`@policy or Pundit.policy!(pundit_user, record)`
Custom pundit user 2013-07-12 23:42:34 -04:00			`end`
Allow policies and scopes to be injected into controllers. In controller specs instead of relying on Pundit to instantiate the correct policy object allow it to be injected into the controller. More often than not a double is used in controller specs which means the policy cannot be inferred. This also allows us to double the policy to ensure that on a unit level the rights methods are being called on callaborators. class PostsController < ApplicationController attr_writer :post helper_method :post def create authorize post post.save respond_with post end private def post @post \|\|= Post.new post_attributes end end describe PagesController do let(:policy) { double 'SomePolicy', create?: true } before do controller.policy = policy end it 'delegates authorization to policy' do expect(policy).to have_received(:create?) end end Add spec for injecting policy. Use `or` instead of ternary operator. Allow policy_scope to be injected for controller tests. 2013-08-11 20:38:50 -04:00			`attr_writer :policy`
Custom pundit user 2013-07-12 23:42:34 -04:00
			`def pundit_user`
Let pundit_user raise a name error if current_user is not present. 2013-07-13 10:24:13 -04:00			`current_user`
Extract the actual code 2012-11-19 04:57:17 -05:00			`end`
initial 2012-11-04 04:20:45 -05:00			`end`