Class: RubyUIAdmin::Authorization::ActionPolicyAdapter
- Includes:
- ActionPolicy::Behaviour
- Defined in:
- lib/ruby_ui_admin/authorization/action_policy_adapter.rb
Overview
action_policy-backed adapter (the default). Bridges the admin's authorization onto
action_policy: allowed_to?, authorized_scope, policy_for. Rules the policy doesn't
define fall back to its default rule (manage?), which RubyUIAdmin::BasePolicy ties to
explicit_authorization; a missing policy is decided by explicit_authorization too.
Instance Attribute Summary
Attributes inherited from Adapter
Instance Method Summary collapse
- #apply_policy(scope) ⇒ Object
- #authorize_action(rule, record: nil, raise_exception: true) ⇒ Object
-
#defines_rule?(rule) ⇒ Boolean
Whether the policy CLASS explicitly defines this rule as a public method (i.e. not satisfied only by the
manage?default). - #has_rule?(rule, record: nil) ⇒ Boolean
Methods inherited from Adapter
#allowed?, #initialize, #set_record, #true_user
Constructor Details
This class inherits a constructor from RubyUIAdmin::Authorization::Adapter
Instance Method Details
#apply_policy(scope) ⇒ Object
37 38 39 40 41 42 43 44 45 46 |
# File 'lib/ruby_ui_admin/authorization/action_policy_adapter.rb', line 37 def apply_policy(scope) return scope unless RubyUIAdmin.configuration. (scope, with: policy_class) rescue ActionPolicy::UnknownScopeType, ActionPolicy::UnknownNamedScope, ActionPolicy::UnrecognizedScopeTarget, ActionPolicy::NotFound scope end |
#authorize_action(rule, record: nil, raise_exception: true) ⇒ Object
18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
# File 'lib/ruby_ui_admin/authorization/action_policy_adapter.rb', line 18 def (rule, record: nil, raise_exception: true) return true unless RubyUIAdmin.configuration. target = record.nil? ? @record : record normalized = normalize_rule(rule) begin result = allowed_to?(normalized, target, with: policy_class) rescue ActionPolicy::NotFound return handle_missing_policy(raise_exception) end if !result && raise_exception raise NotAuthorizedError, "Not authorized to #{normalized} on #{target.inspect}" end result end |
#defines_rule?(rule) ⇒ Boolean
Whether the policy CLASS explicitly defines this rule as a public method (i.e. not satisfied
only by the manage? default). Used for field-level authorization.
60 61 62 63 64 65 66 |
# File 'lib/ruby_ui_admin/authorization/action_policy_adapter.rb', line 60 def defines_rule?(rule) return false if policy_class.nil? policy_class.public_method_defined?(normalize_rule(rule)) rescue false end |
#has_rule?(rule, record: nil) ⇒ Boolean
48 49 50 51 52 53 54 55 56 |
# File 'lib/ruby_ui_admin/authorization/action_policy_adapter.rb', line 48 def has_rule?(rule, record: nil) target = record.nil? ? @record : record policy = policy_for(record: target, with: policy_class, allow_nil: true) return false if policy.nil? policy.respond_to?(normalize_rule(rule)) rescue ActionPolicy::NotFound false end |