Module: Dscf::Core::Authorizable

Extended by:
ActiveSupport::Concern
Includes:
Pundit::Authorization
Included in:
ApplicationController, Common
Defined in:
app/controllers/concerns/dscf/core/authorizable.rb


Instance Method Details

#authorize(record, query = nil, policy_class: nil) ⇒ Object

Override authorize to fall back to ApplicationPolicy when no specific policy is defined. In Pundit 2.5, authorize delegates to Pundit::Context, which bypasses the instance `policy` method, so the fallback has to live in `authorize` itself rather than in a `policy` override.



# File 'app/controllers/concerns/dscf/core/authorizable.rb', line 31

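# Authorize +record+ via Pundit, falling back to Dscf::Core::ApplicationPolicy
# when Pundit raises NotDefinedError (no policy class for the record). In
# Pundit 2.5 authorize delegates to Pundit::Context, which bypasses the
# instance +policy+ method, so the fallback cannot be done by overriding
# +policy+ alone.
#
# When the fallback is taken, the decision comes entirely from the
# predicates of Dscf::Core::ApplicationPolicy: its defaults govern every
# resource that has no dedicated policy.
#
# NOTE(review): NotDefinedError raised *inside* a defined policy (for example
# a policy that looks up another record's policy) is caught here as well and
# would be answered by the fallback policy — confirm this is intended.
# NOTE(review): assumes Pundit marks the action as authorized before
# delegating, so verify_authorized is satisfied after a successful fallback;
# confirm for the Pundit version in use.
#
# @param record [Object] the object or class being authorized
# @param query [String, Symbol, nil] policy predicate to call; defaults to
#   "#{action_name}?", as Pundit itself does
# @param policy_class [Class, nil] explicit policy class, forwarded to Pundit
#   (it is not consulted on the fallback path)
# @return [Object] +record+, matching Pundit's own return value
# @raise [Pundit::NotAuthorizedError] when the fallback policy denies the
#   query or does not expose it as a public predicate
def authorize(record, query = nil, policy_class: nil)
  super
rescue ::Pundit::NotDefinedError
  fallback_policy = Dscf::Core::ApplicationPolicy.new(pundit_user, record)
  effective_query = query || "#{action_name}?"
  # Fail closed: a query the fallback policy does not expose as a *public*
  # method is a denial, never a NoMethodError. The respond_to? check must
  # agree with public_send, so private methods are deliberately not counted
  # (respond_to?(q, true) would accept a private predicate that public_send
  # then refuses to call).
  granted = fallback_policy.respond_to?(effective_query) && fallback_policy.public_send(effective_query)
  unless granted
    raise ::Pundit::NotAuthorizedError, policy: fallback_policy, query: effective_query, record: record
  end

  record
end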

#authorize_action! ⇒ Object



# File 'app/controllers/concerns/dscf/core/authorizable.rb', line 15

# Before-action hook that authorizes the resolved policy target for the
# standard REST actions and explicitly skips authorization otherwise.
#
# Only index/show/create/update/destroy are checked automatically. Every other
# action goes through skip_authorization, as does a REST action for which
# resolve_policy_target returns nil — so custom actions must call authorize
# themselves; nothing here checks them.
#
# @return [Object] the result of authorize or of skip_authorization
def authorize_action!
  rest_action = %w[index show create update destroy].include?(action_name)
  # resolve_policy_target is only consulted for REST actions
  policy_target = resolve_policy_target if rest_action
  return skip_authorization unless policy_target

  authorize policy_target
end

#policy_scope(scope, policy_scope_class: nil) ⇒ Object

Override policy_scope to fall back to ApplicationPolicy::Scope when no specific scope is defined.



# File 'app/controllers/concerns/dscf/core/authorizable.rb', line 45

# Scope +scope+ via Pundit, falling back to
# Dscf::Core::ApplicationPolicy::Scope when Pundit raises NotDefinedError
# (no scope class for the relation). On the fallback path the visible rows
# are whatever that default scope's #resolve returns.
#
# NOTE(review): any NotDefinedError raised inside a defined scope class is
# caught here too and answered by the fallback scope — confirm this is
# intended.
#
# @param scope [Object] the relation or collection to scope
# @param policy_scope_class [Class, nil] explicit scope class, forwarded to
#   Pundit (not consulted on the fallback path)
# @return [Object] the resolved scope
def policy_scope(scope, policy_scope_class: nil)
  super
rescue ::Pundit::NotDefinedError
  fallback_scope = Dscf::Core::ApplicationPolicy::Scope.new(pundit_user, scope)
  fallback_scope.resolve
end

#pundit_user ⇒ Object



# File 'app/controllers/concerns/dscf/core/authorizable.rb', line 25

# Pundit's user hook: the "user" handed to every policy and scope is the
# controller's current_user. Its value (and whether it can be nil) is whatever
# current_user returns — nothing here adds a check.
#
# @return [Object, nil] the result of current_user
def pundit_user
  current_user
end