Class: RubyUIAdmin::Authorization::ActionPolicyAdapter

Inherits:
Adapter
  • Object
show all
Includes:
ActionPolicy::Behaviour
Defined in:
lib/ruby_ui_admin/authorization/action_policy_adapter.rb

Overview

action_policy-backed adapter (the default). Bridges the admin's authorization onto action_policy: allowed_to?, authorized_scope, policy_for. Rules the policy doesn't define fall back to its default rule (manage?), which RubyUIAdmin::BasePolicy ties to explicit_authorization; a missing policy is decided by explicit_authorization too.

Instance Attribute Summary

Attributes inherited from Adapter

#policy_class, #record, #user

Instance Method Summary collapse

Methods inherited from Adapter

#allowed?, #initialize, #set_record, #true_user

Constructor Details

This class inherits a constructor from RubyUIAdmin::Authorization::Adapter

Instance Method Details

#apply_policy(scope) ⇒ Object



37
38
39
40
41
42
43
44
45
46
# File 'lib/ruby_ui_admin/authorization/action_policy_adapter.rb', line 37

def apply_policy(scope)
  return scope unless RubyUIAdmin.configuration.authorization_enabled?

  authorized_scope(scope, with: policy_class)
rescue ActionPolicy::UnknownScopeType,
       ActionPolicy::UnknownNamedScope,
       ActionPolicy::UnrecognizedScopeTarget,
       ActionPolicy::NotFound
  scope
end

#authorize_action(rule, record: nil, raise_exception: true) ⇒ Object



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# File 'lib/ruby_ui_admin/authorization/action_policy_adapter.rb', line 18

def authorize_action(rule, record: nil, raise_exception: true)
  return true unless RubyUIAdmin.configuration.authorization_enabled?

  target = record.nil? ? @record : record
  normalized = normalize_rule(rule)

  begin
    result = allowed_to?(normalized, target, with: policy_class)
  rescue ActionPolicy::NotFound
    return handle_missing_policy(raise_exception)
  end

  if !result && raise_exception
    raise NotAuthorizedError, "Not authorized to #{normalized} on #{target.inspect}"
  end

  result
end

#defines_rule?(rule) ⇒ Boolean

Whether the policy CLASS explicitly defines this rule as a public method (i.e. not satisfied only by the manage? default). Used for field-level authorization.

Returns:

  • (Boolean)


60
61
62
63
64
65
66
# File 'lib/ruby_ui_admin/authorization/action_policy_adapter.rb', line 60

def defines_rule?(rule)
  return false if policy_class.nil?

  policy_class.public_method_defined?(normalize_rule(rule))
rescue
  false
end

#has_rule?(rule, record: nil) ⇒ Boolean

Returns:

  • (Boolean)


48
49
50
51
52
53
54
55
56
# File 'lib/ruby_ui_admin/authorization/action_policy_adapter.rb', line 48

def has_rule?(rule, record: nil)
  target = record.nil? ? @record : record
  policy = policy_for(record: target, with: policy_class, allow_nil: true)
  return false if policy.nil?

  policy.respond_to?(normalize_rule(rule))
rescue ActionPolicy::NotFound
  false
end