Class: RubyUIAdmin::Authorization::Adapter

Inherits:
Object
  • Object
show all
Defined in:
lib/ruby_ui_admin/authorization/adapter.rb

Overview

Interface every authorization adapter implements. Services::AuthorizationService resolves the configured adapter (config.authorization_client) and delegates to it, so call sites stay backend-agnostic. An adapter bridges the admin's rule vocabulary (index?/show?/update?/ destroy?/act_on?/view_<field>?, with the manage? + explicit_authorization fallback) onto a backend (action_policy, Pundit, CanCanCan, …).

Subclasses must implement: #authorize_action, #apply_policy, #has_rule?, #defines_rule?. The shared context (#user, #true_user, #record, #policy_class), #allowed? and #normalize_rule live here.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(user, record = nil, policy_class: nil, true_user: nil) ⇒ Adapter

Returns a new instance of Adapter.



17
18
19
20
21
22
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 17

def initialize(user, record = nil, policy_class: nil, true_user: nil)
  @user = user
  @record = record
  @policy_class = policy_class
  @true_user = true_user
end

Instance Attribute Details

#policy_classObject (readonly)

Returns the value of attribute policy_class.



15
16
17
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 15

def policy_class
  @policy_class
end

#recordObject (readonly)

Returns the value of attribute record.



15
16
17
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 15

def record
  @record
end

#userObject (readonly)

Returns the value of attribute user.



15
16
17
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 15

def user
  @user
end

Instance Method Details

#allowed?(rule, record: nil) ⇒ Boolean

Returns:

  • (Boolean)


40
41
42
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 40

def allowed?(rule, record: nil)
  authorize_action(rule, record: record, raise_exception: false)
end

#apply_policy(_scope) ⇒ Object

Applies the policy's record scope to a relation; returns it unchanged when none applies.

Raises:

  • (NotImplementedError)


45
46
47
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 45

def apply_policy(_scope)
  raise NotImplementedError, "#{self.class} must implement #apply_policy"
end

#authorize_action(_rule, record: nil, raise_exception: true) ⇒ Object

Authorizes a single rule. Returns a boolean; raises NotAuthorizedError when denied and raise_exception is true.

Raises:

  • (NotImplementedError)


36
37
38
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 36

def authorize_action(_rule, record: nil, raise_exception: true)
  raise NotImplementedError, "#{self.class} must implement #authorize_action"
end

#defines_rule?(_rule) ⇒ Boolean

Whether the policy CLASS explicitly defines the rule (field-level auth: an undefined rule means "no opinion" → the field stays visible).

Returns:

  • (Boolean)

Raises:

  • (NotImplementedError)


56
57
58
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 56

def defines_rule?(_rule)
  raise NotImplementedError, "#{self.class} must implement #defines_rule?"
end

#has_rule?(_rule, record: nil) ⇒ Boolean

Whether the resolved policy/instance responds to the rule (for the given record).

Returns:

  • (Boolean)

Raises:

  • (NotImplementedError)


50
51
52
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 50

def has_rule?(_rule, record: nil)
  raise NotImplementedError, "#{self.class} must implement #has_rule?"
end

#set_record(record) ⇒ Object



29
30
31
32
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 29

def set_record(record)
  @record = record
  self
end

#true_userObject

The real (impersonating) user. Defaults to Current.true_user, falling back to user.



25
26
27
# File 'lib/ruby_ui_admin/authorization/adapter.rb', line 25

def true_user
  @true_user || RubyUIAdmin::Current.true_user || @user
end