Module: TypedOperation::ActionPolicyAuth::ClassMethods

Defined in:

lib/typed_operation/action_policy_auth.rb

Overview

Class-level methods for configuring authorization on operations.

Instance Method Summary

• #action_type(type = nil) ⇒ Object

  : (?Symbol?) -> Symbol?.

• #authorized_via(*via, with: nil, to: nil, record: nil, &auth_block) ⇒ Object

  Configure the operation to use ActionPolicy for authorization.

• #checks_authorization? ⇒ Boolean

  : () -> bool.

• #inherited(subclass) ⇒ Object

  : (Class) -> void.

• #operation_policy_class ⇒ Object

  : () -> Class?.

• #operation_policy_method ⇒ Object

  : () -> Symbol?.

• #operation_record_to_authorize ⇒ Object

  : () -> Symbol?.

• #verify_authorized! ⇒ Object

  You can use this on an operation base class to ensure subclasses always enable authorization.

• #verify_authorized? ⇒ Boolean

  : () -> bool.

Instance Method Details

#action_type(type = nil) ⇒ Object

: (?Symbol?) -> Symbol?

# File 'lib/typed_operation/action_policy_auth.rb', line 79

def action_type(type = nil)
  @_action_type = type.to_sym if type
  @_action_type
end

#authorized_via(*via, with: nil, to: nil, record: nil, &auth_block) ⇒ Object

Configure the operation to use ActionPolicy for authorization. : (*Symbol, ?with: Class?, ?to: Symbol?, ?record: Symbol?) ?{ () -> bool } -> void

Raises:

• (ArgumentError)

# File 'lib/typed_operation/action_policy_auth.rb', line 40

def authorized_via(*via, with: nil, to: nil, record: nil, &auth_block)
  raise ArgumentError, "You must not provide a policy class or method when using a block" if auth_block && (with || to)

  parameters = positional_parameters + keyword_parameters
  raise ArgumentError, "authorize_via must be called with a valid param name" unless via.all? { |param| parameters.include?(param) }
  @_authorized_via_param = via

  action_type_method = :"#{action_type}?" if action_type
  policy_method = to || action_type_method || raise(::TypedOperation::InvalidOperationError, "You must provide an action type or policy method name")
  @_policy_method = policy_method
  @_policy_class = if with
    with
  elsif auth_block
    policy_class = Class.new(OperationPolicy) do
      authorize(*via)

      define_method(policy_method, &auth_block)
    end
    const_set(:Policy, policy_class)
    policy_class
  else
    raise ::TypedOperation::InvalidOperationError, "You must provide either a policy class or a block"
  end

  if record
    unless parameters.include?(record) || method_defined?(record) || private_method_defined?(record)
      raise ArgumentError, "to_authorize must be called with a valid param or method name"
    end
    @_to_authorize_param = record
  end

  # Configure action policy to use the param named in via as the context when instantiating the policy.
  # ::ActionPolicy::Behaviour does not provide a authorize(*ids) method, so we have call once per param.
  via.each do |param|
    authorize param
  end
end

#checks_authorization? ⇒ Boolean

: () -> bool

Returns:

• (Boolean)

# File 'lib/typed_operation/action_policy_auth.rb', line 100

def checks_authorization?
  !(@_authorized_via_param.nil? || @_authorized_via_param.empty?)
end

#inherited(subclass) ⇒ Object

: (Class) -> void

# File 'lib/typed_operation/action_policy_auth.rb', line 117

def inherited(subclass)
  super
  subclass.instance_variable_set(:@_authorized_via_param, @_authorized_via_param)
  subclass.instance_variable_set(:@_verify_authorized, @_verify_authorized)
  subclass.instance_variable_set(:@_policy_class, @_policy_class)
  subclass.instance_variable_set(:@_policy_method, @_policy_method)
  subclass.instance_variable_set(:@_action_type, @_action_type)
end

#operation_policy_class ⇒ Object

: () -> Class?

# File 'lib/typed_operation/action_policy_auth.rb', line 90

def operation_policy_class
  @_policy_class
end

#operation_policy_method ⇒ Object

: () -> Symbol?

# File 'lib/typed_operation/action_policy_auth.rb', line 85

def operation_policy_method
  @_policy_method
end

#operation_record_to_authorize ⇒ Object

: () -> Symbol?

# File 'lib/typed_operation/action_policy_auth.rb', line 95

def operation_record_to_authorize
  @_to_authorize_param
end

#verify_authorized! ⇒ Object

You can use this on an operation base class to ensure subclasses always enable authorization. : () -> void

# File 'lib/typed_operation/action_policy_auth.rb', line 106

def verify_authorized!
  return if verify_authorized?
  @_verify_authorized = true
end

#verify_authorized? ⇒ Boolean

: () -> bool

Returns:

• (Boolean)

# File 'lib/typed_operation/action_policy_auth.rb', line 112

def verify_authorized?
  @_verify_authorized
end