Module: Vert::Authorization::ControllerMethods

Extended by:
ActiveSupport::Concern
Defined in:
lib/vert/authorization/controller_methods.rb

Instance Method Details

#allowed_fields_for(resource) ⇒ Object



# File 'lib/vert/authorization/controller_methods.rb', line 41

# Looks up the field allow-list for the current user's read access to +resource+.
#
# The permission code is built by interpolation as "<resource>.read", so
# +resource+ should be a fixed, code-chosen name rather than request input.
#
# NOTE(review): +can_see_field?+ in this module treats a nil allow-list as
# "no restriction". Callers that render fields from this value should not
# confuse nil with an empty list -- confirm the resolver's contract.
#
# @param resource [#to_s] resource name used to build the permission code
# @return [Object] whatever PermissionResolver.get_allowed_fields returns
def allowed_fields_for(resource)
  read_permission = "#{resource}.read"
  PermissionResolver.get_allowed_fields(current_user, read_permission, authorization_context)
end

#authorize_with_context(record, query = nil, context = {}) ⇒ Object



# File 'lib/vert/authorization/controller_methods.rb', line 12

# Runs a policy predicate against +record+ and raises when it is not satisfied.
#
# The check is skipped, and +record+ is returned untouched, when
# Vert.config.enable_authorization is falsy OR the Pundit constant is not
# defined.
#
# NOTE(review): the second condition fails open. With authorization enabled
# but Pundit not loaded, every call passes silently. Consider failing at boot
# or logging in that case -- confirm this is the intended behaviour.
#
# NOTE(review): +query+ is dispatched with public_send and +context+ is
# merged over authorization_context, so caller-supplied keys win. Both should
# come from code, never from request parameters.
#
# @param record [Object] object being authorized
# @param query [String, Symbol, nil] policy predicate; defaults to "<action_name>?"
# @param context [Hash] extra entries merged over authorization_context
# @return [Object] +record+, when the check passes or is skipped
# @raise [Pundit::NotAuthorizedError] when the policy predicate is falsy
def authorize_with_context(record, query = nil, context = {})
  enforcing = Vert.config.enable_authorization && defined?(Pundit)
  return record unless enforcing

  query = "#{action_name}?" unless query
  merged_context = authorization_context.merge(context)
  policy = policy_with_context(record, merged_context)
  return record if policy.public_send(query)

  raise Pundit::NotAuthorizedError, query: query, record: record, policy: policy
end

#can_see_field?(resource, field) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/vert/authorization/controller_methods.rb', line 33

# Decides whether the current user may read +field+ on +resource+.
#
# Order of evaluation: an entry in the deny-list always wins; otherwise a nil
# allow-list means "unrestricted"; otherwise the field must be in the
# allow-list. Names are compared as strings (+field.to_s+).
#
# NOTE(review): a nil allow-list grants access to any field that is not
# explicitly denied. Confirm the resolver returns nil only for deliberately
# unrestricted users and not on lookup failure.
# NOTE(review): the deny-list is not nil-checked, so a nil from
# get_denied_fields raises NoMethodError here -- verify it always returns a
# collection.
# NOTE(review): unlike +has_permission?+, this method does not read
# Vert.config.enable_authorization itself; presumably the resolver does.
#
# @param resource [#to_s] resource name; the permission code is "<resource>.read"
# @param field [#to_s] field name to test
# @return [Boolean]
def can_see_field?(resource, field)
  read_permission = "#{resource}.read"
  allow_list = PermissionResolver.get_allowed_fields(current_user, read_permission, authorization_context)
  deny_list = PermissionResolver.get_denied_fields(current_user, read_permission, authorization_context)
  field_name = field.to_s

  # Explicit denial takes precedence over any allow entry.
  return false if deny_list.include?(field_name)

  allow_list.nil? || allow_list.include?(field_name)
end

#current_user_permissions ⇒ Object



# File 'lib/vert/authorization/controller_methods.rb', line 49

# Fetches the permissions PermissionResolver reports for the current user in
# the current authorization context.
#
# NOTE(review): this does not consult Vert.config.enable_authorization, so the
# result reflects the resolver's view even when enforcement is switched off --
# confirm before using it to drive UI or API decisions.
#
# @return [Object] whatever PermissionResolver.user_permissions returns
def current_user_permissions
  user = current_user
  PermissionResolver.user_permissions(user, authorization_context)
end

#denied_fields_for(resource) ⇒ Object



# File 'lib/vert/authorization/controller_methods.rb', line 45

# Looks up the field deny-list for the current user's read access to +resource+.
#
# The permission code is built by interpolation as "<resource>.read", so
# +resource+ should be a fixed, code-chosen name rather than request input.
#
# @param resource [#to_s] resource name used to build the permission code
# @return [Object] whatever PermissionResolver.get_denied_fields returns
def denied_fields_for(resource)
  read_permission = "#{resource}.read"
  PermissionResolver.get_denied_fields(current_user, read_permission, authorization_context)
end

#has_permission?(permission_code, context = {}) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/vert/authorization/controller_methods.rb', line 28

# Asks PermissionResolver whether the current user holds +permission_code+.
#
# Returns false without consulting the resolver when
# Vert.config.enable_authorization is falsy.
#
# NOTE(review): that is the opposite default from +authorize_with_context+,
# which lets the record through when authorization is disabled. Code that
# mixes the two sees "deny all" from one and "allow all" from the other --
# confirm this asymmetry is intended.
#
# @param permission_code [String] permission identifier passed to the resolver
# @param context [Hash] extra entries merged over authorization_context
#   (caller keys win, so these should not come from request parameters)
# @return [Boolean] false when disabled, otherwise the resolver's answer
def has_permission?(permission_code, context = {})
  if Vert.config.enable_authorization
    user = current_user
    effective_context = authorization_context.merge(context)
    PermissionResolver.has_permission?(user, permission_code, effective_context)
  else
    false
  end
end

#policy_with_context(record, context = {}) ⇒ Object



# File 'lib/vert/authorization/controller_methods.rb', line 23

# Builds a policy instance for +record+, passing +context+ as a third
# constructor argument alongside the current user and the record.
#
# NOTE(review): if PolicyFinder#policy can return nil when no policy exists
# for +record+, the +.new+ call raises NoMethodError instead of an
# authorization error -- confirm the finder raises on a missing policy or
# that callers handle it.
#
# @param record [Object] object the policy is resolved for
# @param context [Hash] context handed to the policy constructor
# @return [Object] a new instance of the resolved policy class
def policy_with_context(record, context = {})
  PolicyFinder.new(record).policy.new(current_user, record, context)
end