mirror of https://github.com/varvet/pundit.git synced 2022-11-09 12:30:11 -05:00

Update #authorize method to return the passed object

Aaron Manaloto 2016-05-10 13:44:00 +08:00
parent e668404625
commit 21d4c1bd2d
3 changed files with 18 additions and 5 deletions


@ -151,6 +151,15 @@ def admin_list
end
```
`authorize` returns the object passed to it, so you can chain it like this:
Controller:
```ruby
def show
@user = authorize User.find(params[:id])
end
```
You can easily get a hold of an instance of the policy through the `policy`
method in both the view and controller. This is especially useful for
conditionally showing links or buttons in the view:


@ -17,7 +17,7 @@ module Pundit
# @api private
class Error < StandardError; end
# Error that will be raiser when authorization has failed
# Error that will be raised when authorization has failed
class NotAuthorizedError < Error
attr_reader :query, :record, :policy
@ -58,7 +58,7 @@ module Pundit
# @param record [Object] the object we're checking permissions of
# @param query [Symbol, String] the predicate method to check on the policy (e.g. `:show?`)
# @raise [NotAuthorizedError] if the given query method returned false
# @return [true] Always returns true
# @return [Object] Always returns the passed object record
def authorize(user, record, query)
policy = policy!(user, record)
@ -66,7 +66,7 @@ module Pundit
raise NotAuthorizedError, query: query, record: record, policy: policy
end
true
record
end
# Retrieves the policy scope for the given record.
@ -174,7 +174,7 @@ protected
# @param query [Symbol, String] the predicate method to check on the policy (e.g. `:show?`).
# If omitted then this defaults to the Rails controller action name.
# @raise [NotAuthorizedError] if the given query method returned false
# @return [true] Always returns true
# @return [Object] Always returns the passed object record
def authorize(record, query = nil)
query ||= params[:action].to_s + "?"
@ -186,7 +186,7 @@ protected
raise NotAuthorizedError, query: query, record: record, policy: policy
end
true
record
end
# Allow this action not to perform authorization.
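Review bot: The new `@return [Object] Always returns the passed object record` tag on both `authorize` methods overstates the contract, because the record is returned only when the policy query passes and `NotAuthorizedError` is raised otherwise. The result is also no longer guaranteed to be truthy: before this change it was always `true`, so a caller that branched on it (`if authorize(record)`) would now depend on the truthiness of the record itself. Whether a falsy record can get this far depends on `policy!`, which is outside the hunk. I would word the tag as `# @return [Object] the record that was passed in, unchanged (raises instead of returning when not authorized)` and call out the return-value change in the release notes. Both method bodies are only partly visible here.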


@ -334,6 +334,10 @@ describe Pundit do
expect(controller.authorize(post)).to be_truthy
end
it "returns the record on successful authorization" do
expect(controller.authorize(post)).to be(post)
end
it "can be given a different permission to check" do
expect(controller.authorize(post, :show?)).to be_truthy
expect { controller.authorize(post, :destroy?) }.to raise_error(Pundit::NotAuthorizedError)
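Review bot: The added example pins the new return value only for the controller helper, while the same commit also changes the module-level `Pundit.authorize(user, record, query)` to return `record`; no matching assertion for that method is visible in this hunk. A second example asserting `be(post)` on the `Pundit.authorize` result, using the fixtures the spec already defines, would keep the two entry points from drifting apart. The neighbouring `be_truthy` expectations could be tightened to `be(post)` as well, since a truthy check would still pass if the method went back to returning `true`. The surrounding `describe` block starts and ends outside the hunk.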