Class: RubyUIAdmin::Authorization::Adapter
- Inherits:
-
Object
- Object
- RubyUIAdmin::Authorization::Adapter
- Defined in:
- lib/ruby_ui_admin/authorization/adapter.rb
Overview
Interface every authorization adapter implements. Services::AuthorizationService resolves the
configured adapter (config.authorization_client) and delegates to it, so call sites stay
backend-agnostic. An adapter bridges the admin's rule vocabulary (index?/show?/update?/
destroy?/act_on?/view_<field>?, with the manage? + explicit_authorization fallback)
onto a backend (action_policy, Pundit, CanCanCan, …).
Subclasses must implement: #authorize_action, #apply_policy, #has_rule?, #defines_rule?. The shared context (#user, #true_user, #record, #policy_class), #allowed? and #normalize_rule live here.
Direct Known Subclasses
Instance Attribute Summary collapse
-
#policy_class ⇒ Object
readonly
Returns the value of attribute policy_class.
-
#record ⇒ Object
readonly
Returns the value of attribute record.
-
#user ⇒ Object
readonly
Returns the value of attribute user.
Instance Method Summary collapse
- #allowed?(rule, record: nil) ⇒ Boolean
-
#apply_policy(_scope) ⇒ Object
Applies the policy's record scope to a relation; returns it unchanged when none applies.
-
#authorize_action(_rule, record: nil, raise_exception: true) ⇒ Object
Authorizes a single rule.
-
#defines_rule?(_rule) ⇒ Boolean
Whether the policy CLASS explicitly defines the rule (field-level auth: an undefined rule means "no opinion" → the field stays visible).
-
#has_rule?(_rule, record: nil) ⇒ Boolean
Whether the resolved policy/instance responds to the rule (for the given record).
-
#initialize(user, record = nil, policy_class: nil, true_user: nil) ⇒ Adapter
constructor
A new instance of Adapter.
- #set_record(record) ⇒ Object
-
#true_user ⇒ Object
The real (impersonating) user.
Constructor Details
#initialize(user, record = nil, policy_class: nil, true_user: nil) ⇒ Adapter
Returns a new instance of Adapter.
17 18 19 20 21 22 |
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 17 def initialize(user, record = nil, policy_class: nil, true_user: nil) @user = user @record = record @policy_class = policy_class @true_user = true_user end |
Instance Attribute Details
#policy_class ⇒ Object (readonly)
Returns the value of attribute policy_class.
15 16 17 |
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 15 def policy_class @policy_class end |
#record ⇒ Object (readonly)
Returns the value of attribute record.
15 16 17 |
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 15 def record @record end |
#user ⇒ Object (readonly)
Returns the value of attribute user.
15 16 17 |
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 15 def user @user end |
Instance Method Details
#allowed?(rule, record: nil) ⇒ Boolean
40 41 42 |
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 40 def allowed?(rule, record: nil) (rule, record: record, raise_exception: false) end |
#apply_policy(_scope) ⇒ Object
Applies the policy's record scope to a relation; returns it unchanged when none applies.
45 46 47 |
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 45 def apply_policy(_scope) raise NotImplementedError, "#{self.class} must implement #apply_policy" end |
#authorize_action(_rule, record: nil, raise_exception: true) ⇒ Object
Authorizes a single rule. Returns a boolean; raises NotAuthorizedError when denied and
raise_exception is true.
36 37 38 |
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 36 def (_rule, record: nil, raise_exception: true) raise NotImplementedError, "#{self.class} must implement #authorize_action" end |
#defines_rule?(_rule) ⇒ Boolean
Whether the policy CLASS explicitly defines the rule (field-level auth: an undefined rule means "no opinion" → the field stays visible).
56 57 58 |
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 56 def defines_rule?(_rule) raise NotImplementedError, "#{self.class} must implement #defines_rule?" end |
#has_rule?(_rule, record: nil) ⇒ Boolean
Whether the resolved policy/instance responds to the rule (for the given record).
50 51 52 |
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 50 def has_rule?(_rule, record: nil) raise NotImplementedError, "#{self.class} must implement #has_rule?" end |
#set_record(record) ⇒ Object
29 30 31 32 |
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 29 def set_record(record) @record = record self end |
#true_user ⇒ Object
The real (impersonating) user. Defaults to Current.true_user, falling back to user.
25 26 27 |
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 25 def true_user @true_user || RubyUIAdmin::Current.true_user || @user end |