module ActionPolicy::Controller

Controller concern. Adds the `authorize!` and `allowed_to?` methods and provides the `verify_authorized` hook.

Public Instance Methods

authorize!(record = :__undef__, to: nil, **options)

Authorizes an action against a policy.

The policy is inferred from the record (unless explicitly specified through the `with` option).

If the action is not provided, it is inferred from `action_name`.

If the record is not provided, the resource class is inferred from the controller name (i.e. `controller_name.classify.safe_constantize`).

Raises `ActionPolicy::Unauthorized` if the check fails.

Calls superclass method ActionPolicy::Behaviour#authorize!
# File lib/action_policy/rails/controller.rb, line 45
def authorize!(record = :__undef__, to: nil, **options)
  to ||= :"#{action_name}?"

  super(record, to: to, **options)

  self.authorize_count += 1
end
authorize_count()
# File lib/action_policy/rails/controller.rb, line 64
def authorize_count
  @authorize_count ||= 0
end
implicit_authorization_target()

Tries to infer the resource class from controller name (i.e. `controller_name.classify.safe_constantize`).

# File lib/action_policy/rails/controller.rb, line 55
def implicit_authorization_target
  controller_name.classify.safe_constantize
end
skip_verify_authorized(**options)

Skips the `verify_authorized` after_action callback.

# File lib/action_policy/rails/controller.rb, line 80
def skip_verify_authorized(**options)
  skip_after_action :verify_authorized, options
end
skip_verify_authorized!()
# File lib/action_policy/rails/controller.rb, line 68
def skip_verify_authorized!
  @verify_authorized_skipped = true
end
verify_authorized()
# File lib/action_policy/rails/controller.rb, line 59
def verify_authorized
  Kernel.raise UnauthorizedAction.new(controller_path, action_name) if
    authorize_count.zero? && !verify_authorized_skipped
end
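
The following added example (not code from the action_policy project) mirrors the counting logic above in plain Ruby to show what `verify_authorized` does and does not guarantee: it only checks that some `authorize!` call succeeded, and because it runs as an after_action callback it fires after the action body has already run. `FakeController`, `run_action`, the top-level error classes and the policy lambda are hypothetical stand-ins.

```ruby
# Plain-Ruby stand-in (constructed) for the counting logic shown on this page.
# No Rails or action_policy gem needed; the policy check is a hypothetical lambda.
class UnauthorizedAction < StandardError; end
class Unauthorized < StandardError; end

class FakeController
  attr_reader :side_effects

  def initialize(policy)
    @policy = policy # hypothetical: ->(record, rule) { true or false }
    @side_effects = []
    @authorize_count = 0
    @verify_authorized_skipped = false
  end

  # Mirrors authorize!: the counter only moves after the check has passed.
  def authorize!(record, to:)
    raise Unauthorized, "#{to} denied" unless @policy.call(record, to)
    @authorize_count += 1
  end

  def skip_verify_authorized!
    @verify_authorized_skipped = true
  end

  # Mirrors verify_authorized: one successful authorize! of any record satisfies it.
  def verify_authorized
    raise UnauthorizedAction, "no authorize! call" if @authorize_count.zero? && !@verify_authorized_skipped
  end

  # Runs the action body first, then the hook, in after_action order.
  def process
    yield self
    verify_authorized
    :ok
  rescue UnauthorizedAction, Unauthorized => e
    e.class.name.to_sym
  end
end

# Returns [outcome, side effects performed by the action body].
def run_action(policy = ->(_record, _rule) { true }, &body)
  controller = FakeController.new(policy)
  [controller.process(&body), controller.side_effects]
end
```

An action body that forgets `authorize!` still performs its side effect before `UnauthorizedAction` is raised, so the hook works as a safety net for catching missing checks rather than as the access check itself.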