Class: RubyUIAdmin::Authorization::PunditAdapter

Inherits:
Adapter
  • Object
show all
Defined in:
lib/ruby_ui_admin/authorization/pundit_adapter.rb

Overview

Pundit-backed adapter. Maps the admin's rules onto a Pundit policy (policy.show?), record scopes onto the policy's Scope, and uses respond_to?/public_method_defined? for the field-level "is this rule defined?" check. A rule the policy doesn't define (or a missing policy) falls back to explicit_authorization, keeping the same semantics as action_policy.

The resource's authorization_policy is used as the policy class when given; otherwise Pundit infers it (Pundit::PolicyFinder). Pundit policies receive only usertrue_user (impersonation) is not passed to them.

Instance Attribute Summary

Attributes inherited from Adapter

#policy_class, #record, #user

Instance Method Summary collapse

Methods inherited from Adapter

#allowed?, #initialize, #set_record, #true_user

Constructor Details

This class inherits a constructor from RubyUIAdmin::Authorization::Adapter

Instance Method Details

#apply_policy(scope) ⇒ Object



37
38
39
40
41
42
43
44
45
46
# File 'lib/ruby_ui_admin/authorization/pundit_adapter.rb', line 37

def apply_policy(scope)
  return scope unless RubyUIAdmin.configuration.authorization_enabled?

  scope_class = scope_class_for(scope)
  return scope unless scope_class

  scope_class.new(user, scope).resolve
rescue Pundit::NotDefinedError
  scope
end

#authorize_action(rule, record: nil, raise_exception: true) ⇒ Object



20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# File 'lib/ruby_ui_admin/authorization/pundit_adapter.rb', line 20

def authorize_action(rule, record: nil, raise_exception: true)
  return true unless RubyUIAdmin.configuration.authorization_enabled?

  target = record.nil? ? @record : record
  policy = policy_instance(target)
  normalized = normalize_rule(rule)

  return handle_missing_policy(raise_exception) if policy.nil? || !policy.respond_to?(normalized)

  result = !!policy.public_send(normalized)
  if !result && raise_exception
    raise NotAuthorizedError, "Not authorized to #{normalized} on #{target.inspect}"
  end

  result
end

#defines_rule?(rule) ⇒ Boolean

Returns:

  • (Boolean)


56
57
58
59
60
61
62
# File 'lib/ruby_ui_admin/authorization/pundit_adapter.rb', line 56

def defines_rule?(rule)
  return false if policy_class.nil?

  policy_class.public_method_defined?(normalize_rule(rule))
rescue
  false
end

#has_rule?(rule, record: nil) ⇒ Boolean

Returns:

  • (Boolean)


48
49
50
51
52
53
54
# File 'lib/ruby_ui_admin/authorization/pundit_adapter.rb', line 48

def has_rule?(rule, record: nil)
  target = record.nil? ? @record : record
  policy = policy_instance(target)
  return false if policy.nil?

  policy.respond_to?(normalize_rule(rule))
end