Module: Glib::Auth::Policy

Extended by:
ActiveSupport::Concern
Defined in:
app/controllers/concerns/glib/auth/policy.rb

Defined Under Namespace

Modules: ClassMethods, Overrides Classes: UnauthorizedError

Instance Method Summary collapse

Instance Method Details

#assert_current_user_presentObject

Raises:



28
29
30
# File 'app/controllers/concerns/glib/auth/policy.rb', line 28

def assert_current_user_present
  raise UnauthorizedError unless current_user
end

#can?(action, record, context = nil) ⇒ Boolean

Returns:

  • (Boolean)


76
77
78
# File 'app/controllers/concerns/glib/auth/policy.rb', line 76

def can?(action, record, context = nil)
  policy(record, nil, context).send("#{action}?")
end

#cannot?(action, record, context = nil) ⇒ Boolean

Returns:

  • (Boolean)


80
81
82
# File 'app/controllers/concerns/glib/auth/policy.rb', line 80

def cannot?(action, record, context = nil)
  !policy(record, nil, context).send("#{action}?")
end

#glib_authorize_resource(*args) ⇒ Object



85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
# File 'app/controllers/concerns/glib/auth/policy.rb', line 85

def glib_authorize_resource(*args)
  options = args.extract_options!
  resource_name = args.first

  resource_name ||= controller_name.split('/').last.singularize

  if (resource_key = options[:class]).nil?
    policy_name = resource_name.camelize.constantize
  else
    policy_name = case resource_key
                  when false
                    resource_name.to_sym
                  when Symbol, Class
                    resource_key
                  else
                    raise "Invalid resource class: #{resource_key}"
    end
  end

  resource_instance = instance_variable_get("@#{resource_name}")
  if resource_instance.nil?
    # An explicitly supplied `resource:` is authoritative even when nil (e.g. a scoped
    # `find_by` that resolved nothing). Falling back to the policy-name symbol would hand
    # the policy a truthy placeholder in place of the missing record, so record-bound gates
    # (`record.present?`, `return false unless record`) would pass for exactly the request
    # they exist to refuse -- fail-open. Pass the nil through so they fail closed. The
    # symbol fallback remains for callers that don't supply `resource:` at all.
    resource_instance = options.key?(:resource) ? options[:resource] : policy_name
  end

  query = "#{action_name}?"
  policy_instance = policy(resource_instance, policy_name, options.fetch(:context, nil))
  raise_access_denied(resource_instance, policy_instance) unless policy_instance.public_send(query)
end

#glib_raise_forbiddenObject

Raises:



66
67
68
# File 'app/controllers/concerns/glib/auth/policy.rb', line 66

def glib_raise_forbidden
  raise UnauthorizedError
end

#glib_skip_controller_action_if_permission_testObject



120
121
122
123
124
125
126
127
# File 'app/controllers/concerns/glib/auth/policy.rb', line 120

def glib_skip_controller_action_if_permission_test
  permission_test = params[:__glib_permission_test].present?

  if permission_test
    instance_exec(&self.class.glib_permission_test_callback)
    render status: 200, json: { status: 'ok' }
  end
end

#resource_name_from_controllerObject



185
186
187
# File 'app/controllers/concerns/glib/auth/policy.rb', line 185

def resource_name_from_controller
  params[:controller].split('/').last.singularize
end