Module: Avo::Concerns::ChecksAssocAuthorization
- Extended by:
- ActiveSupport::Concern
- Included in:
- ChecksShowAuthorization, ResourceComponent
- Defined in:
- lib/avo/concerns/checks_assoc_authorization.rb
Instance Method Summary collapse
-
#authorize_association_for(policy_method) ⇒ Object
Ex: A Post has many Comments.
Instance Method Details
#authorize_association_for(policy_method) ⇒ Object
Ex: A Post has many Comments
7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 |
# File 'lib/avo/concerns/checks_assoc_authorization.rb', line 7 def (policy_method) policy_result = true if @reflection.present? # Fetch the appropriate resource reflection_resource = field.resource # Fetch the record # Hydrate the resource with the record if we have one reflection_resource.hydrate(record: @parent_record) if @parent_record.present? # Use the related_name as the base of the association association_name = @reflection.name if association_name.present? method_name = :"#{policy_method}_#{association_name}?".to_sym # Use the policy methods from the parent (Post) service = reflection_resource. if service.has_method?(method_name, raise_exception: false) # Some policy methods should get the parent record in order to have the necessary information to do the authorization # Example: Post->has_many->Comments # # When you want to authorize the creation/attaching of a Comment, you don't have the Comment instance. # But you do have the Post instance and you can get that in your policy to authorize against. parent_policy_methods = [:view, :create, :attach, :act_on] record = if parent_policy_methods.include?(policy_method) # Use the parent record (Post) reflection_resource.record else # Override the record with the child record (Comment) resource.record end policy_result = service.(method_name, record: record, raise_exception: false) end end end policy_result end |