Class: RubyUIAdmin::Authorization::PunditAdapter
- Defined in:
- lib/ruby_ui_admin/authorization/pundit_adapter.rb
Overview
Pundit-backed adapter. Maps the admin's rules onto a Pundit policy (policy.show?), record
scopes onto the policy's Scope, and uses respond_to?/public_method_defined? for the
field-level "is this rule defined?" check. A rule the policy doesn't define (or a missing
policy) falls back to explicit_authorization, keeping the same semantics as action_policy.
The resource's authorization_policy is used as the policy class when given; otherwise Pundit
infers it (Pundit::PolicyFinder). Pundit policies receive only user — true_user
(impersonation) is not passed to them.
Instance Attribute Summary
Attributes inherited from Adapter
Instance Method Summary collapse
- #apply_policy(scope) ⇒ Object
- #authorize_action(rule, record: nil, raise_exception: true) ⇒ Object
- #defines_rule?(rule) ⇒ Boolean
- #has_rule?(rule, record: nil) ⇒ Boolean
Methods inherited from Adapter
#allowed?, #initialize, #set_record, #true_user
Constructor Details
This class inherits a constructor from RubyUIAdmin::Authorization::Adapter
Instance Method Details
#apply_policy(scope) ⇒ Object
37 38 39 40 41 42 43 44 45 46 |
# File 'lib/ruby_ui_admin/authorization/pundit_adapter.rb', line 37 def apply_policy(scope) return scope unless RubyUIAdmin.configuration. scope_class = scope_class_for(scope) return scope unless scope_class scope_class.new(user, scope).resolve rescue Pundit::NotDefinedError scope end |
#authorize_action(rule, record: nil, raise_exception: true) ⇒ Object
20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
# File 'lib/ruby_ui_admin/authorization/pundit_adapter.rb', line 20 def (rule, record: nil, raise_exception: true) return true unless RubyUIAdmin.configuration. target = record.nil? ? @record : record policy = policy_instance(target) normalized = normalize_rule(rule) return handle_missing_policy(raise_exception) if policy.nil? || !policy.respond_to?(normalized) result = !!policy.public_send(normalized) if !result && raise_exception raise NotAuthorizedError, "Not authorized to #{normalized} on #{target.inspect}" end result end |
#defines_rule?(rule) ⇒ Boolean
56 57 58 59 60 61 62 |
# File 'lib/ruby_ui_admin/authorization/pundit_adapter.rb', line 56 def defines_rule?(rule) return false if policy_class.nil? policy_class.public_method_defined?(normalize_rule(rule)) rescue false end |
#has_rule?(rule, record: nil) ⇒ Boolean
48 49 50 51 52 53 54 |
# File 'lib/ruby_ui_admin/authorization/pundit_adapter.rb', line 48 def has_rule?(rule, record: nil) target = record.nil? ? @record : record policy = policy_instance(target) return false if policy.nil? policy.respond_to?(normalize_rule(rule)) end |