Class: Browsable::PolicyScanner

Inherits:
Object
Defined in:
lib/browsable/policy_scanner.rb

Overview

Scans every controller and controller-concern for `allow_browser` callsites, so the report can show the full policy landscape — not just the one on ApplicationController that drives the audit target.

This is deliberately *discovery only*. browsable does not try to map each frontend asset to the endpoints (and therefore policies) that serve it: CSS and importmap JavaScript are global assets, pulled in by layout helpers on essentially every page, so they have no single owning controller action. The scanner surfaces the policies; the user decides what to audit against.

Defined Under Namespace

Classes: Policy

Constant Summary

CONTROLLER_GLOB =
"app/controllers/**/*.rb"

Constructor Details

#initialize(root) ⇒ PolicyScanner

Returns a new instance of PolicyScanner.

# File 'lib/browsable/policy_scanner.rb', line 30

def initialize(root)
  @root = File.expand_path(root)
  @detector = PolicyDetector.new(@root)
end

Class Method Details

.call(root) ⇒ Object

# File 'lib/browsable/policy_scanner.rb', line 28

def self.call(root) = new(root).call

Instance Method Details

#call ⇒ Object

Returns Array<Policy>, in a stable (path-sorted) order.

# File 'lib/browsable/policy_scanner.rb', line 36

def call
  Dir.glob(File.join(@root, CONTROLLER_GLOB)).sort.flat_map { |file| scan_file(file) }
rescue StandardError
  []
end
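
A standalone sketch of the discovery step the overview describes, added here as an example and not browsable's own code: it walks the same glob as CONTROLLER_GLOB and lists each `allow_browser` callsite in path-sorted order. `CallSite`, `scan_allow_browser`, the line-based regex and the sample controllers are assumptions made for the illustration; the real detection lives in PolicyDetector, which this page does not show.

```ruby
require "tmpdir"
require "fileutils"
# Hypothetical names; this is not browsable's PolicyDetector or Policy class.
CallSite = Struct.new(:path, :line, :args)
GLOB = "app/controllers/**/*.rb" # same pattern as CONTROLLER_GLOB
# A line that starts with allow_browser; commented-out calls do not match.
ALLOW_BROWSER = /^\s*allow_browser\b\s*\(?(.*?)\)?\s*(?:#.*)?$/

def scan_allow_browser(root)
  root = File.expand_path(root)
  Dir.glob(File.join(root, GLOB)).sort.flat_map do |file|
    rel = file.delete_prefix("#{root}/")
    File.foreach(file).with_index(1).filter_map do |text, lineno|
      m = ALLOW_BROWSER.match(text)
      CallSite.new(rel, lineno, m[1].strip) if m
    end
  end
end

# Constructed sample tree: base policy, a concern's policy, a controller with none.
SAMPLE = {
  "app/controllers/application_controller.rb" => <<~RUBY,
    class ApplicationController < ActionController::Base
      allow_browser versions: :modern
    end
  RUBY
  "app/controllers/concerns/legacy_friendly.rb" => <<~RUBY,
    module LegacyFriendly
      extend ActiveSupport::Concern
      included do
        # allow_browser versions: :modern
        allow_browser versions: { safari: 15 }, only: :show
      end
    end
  RUBY
  "app/controllers/health_controller.rb" => "class HealthController < ApplicationController\nend\n"
}.freeze

def demo
  Dir.mktmpdir do |root|
    SAMPLE.each do |rel, src|
      FileUtils.mkdir_p(File.dirname(File.join(root, rel)))
      File.write(File.join(root, rel), src)
    end
    scan_allow_browser(root)
  end
end

demo.each { |s| puts "#{s.path}:#{s.line}  allow_browser #{s.args}" }
```

The concern's narrower policy shows up next to the ApplicationController one, while the controller that declares nothing contributes no entry, which is the "full policy landscape" view the overview refers to.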