module ActionPolicy::Controller
Controller
concern. Add `authorize!` and `allowed_to?` methods, provide `verify_authorized` hook.
Public Instance Methods
authorize!(record = :__undef__, to: nil, **options)
click to toggle source
Authorize action against a policy.
Policy
is inferred from record (unless explicitly specified through `with` option).
If action is not provided, it's inferred from `action_name`.
If record is not provided, tries to infer the resource class from controller name (i.e. `controller_name.classify.safe_constantize`).
Raises `ActionPolicy::Unauthorized` if check failed.
Calls superclass method
ActionPolicy::Behaviour#authorize!
# File lib/action_policy/rails/controller.rb, line 45 def authorize!(record = :__undef__, to: nil, **options) to ||= :"#{action_name}?" super(record, to: to, **options) self.authorize_count += 1 end
authorize_count()
click to toggle source
# File lib/action_policy/rails/controller.rb, line 64 def authorize_count @authorize_count ||= 0 end
implicit_authorization_target()
click to toggle source
Tries to infer the resource class from controller name (i.e. `controller_name.classify.safe_constantize`).
# File lib/action_policy/rails/controller.rb, line 55 def implicit_authorization_target controller_name.classify.safe_constantize end
skip_verify_authorized(**options)
click to toggle source
Skips verify_authorized
after_action callback.
# File lib/action_policy/rails/controller.rb, line 80 def skip_verify_authorized(**options) skip_after_action :verify_authorized, options end
skip_verify_authorized!()
click to toggle source
# File lib/action_policy/rails/controller.rb, line 68 def skip_verify_authorized! @verify_authorized_skipped = true end
verify_authorized()
click to toggle source
# File lib/action_policy/rails/controller.rb, line 59 def verify_authorized Kernel.raise UnauthorizedAction.new(controller_path, action_name) if authorize_count.zero? && !verify_authorized_skipped end