module ActionPolicy::Behaviour

Provides the `authorize!` and `allowed_to?` instance methods and the `authorize` class method, which defines the authorization context.

Can be included anywhere to perform authorization.

Public Class Methods

included(base)
# File lib/action_policy/behaviour.rb, line 20
def self.included(base)
  # Handle ActiveSupport::Concern differently
  if base.respond_to?(:class_methods)
    base.class_methods do
      include ClassMethods
    end
  else
    base.extend ClassMethods
  end
end

Public Instance Methods

allowance_to(rule, record = :__undef__, **options)

Returns the authorization result object after applying a specified rule to a record.

# File lib/action_policy/behaviour.rb, line 53
def allowance_to(rule, record = :__undef__, **options)
  policy = lookup_authorization_policy(record, **options)

  policy.apply(authorization_rule_for(policy, rule))
  policy.result
end

allowed_to?(rule, record = :__undef__, **options)

Checks that an activity is allowed for the current context (e.g. user).

Returns true or false.

# File lib/action_policy/behaviour.rb, line 46
def allowed_to?(rule, record = :__undef__, **options)
  policy = lookup_authorization_policy(record, **options)

  policy.apply(authorization_rule_for(policy, rule))
end

authorization_context()
# File lib/action_policy/behaviour.rb, line 60
def authorization_context
  return @__authorization_context if
    instance_variable_defined?(:@__authorization_context)

  @__authorization_context = self.class.authorization_targets
    .each_with_object({}) do |(key, meth), obj|
    obj[key] = send(meth)
  end
end

authorization_rule_for(policy, rule)

Checks that the rule is defined for the policy; otherwise falls back to the :manage? rule.

# File lib/action_policy/behaviour.rb, line 72
def authorization_rule_for(policy, rule)
  policy.resolve_rule(rule)
end

authorize!(record = :__undef__, to:, **options)

Authorizes an action against a policy.

The policy is inferred from the record (unless explicitly specified through the `with` option).

Raises `ActionPolicy::Unauthorized` if the check fails.

# File lib/action_policy/behaviour.rb, line 37
def authorize!(record = :__undef__, to:, **options)
  policy = lookup_authorization_policy(record, **options)

  Authorizer.call(policy, authorization_rule_for(policy, to))
end
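
Added example, not part of the gem or its documentation: a reduced stand-in for this module that shows two consequences of the code above. `allowed_to?` only returns a boolean while `authorize!` raises, and `authorization_context` is memoized per object, so an instance reused after its user changes keeps evaluating rules for the original user. The names `SketchBehaviour`, `Unauthorized`, `Post`, `PostPolicy` and `PostService`, the naming-convention policy lookup and the hard-coded `authorization_targets` are assumptions made for the sketch.

```ruby
# Reduced stand-in for ActionPolicy::Behaviour (added sketch, not the gem's code).
Unauthorized = Class.new(StandardError) # stands in for ActionPolicy::Unauthorized

module SketchBehaviour
  # Same memoization as authorization_context on the page: built once per object.
  def authorization_context
    return @__authorization_context if
      instance_variable_defined?(:@__authorization_context)
    @__authorization_context = self.class.authorization_targets
      .each_with_object({}) { |(key, meth), obj| obj[key] = send(meth) }
  end

  # Boolean only: a denial shows up solely in the return value.
  def allowed_to?(rule, record)
    # Hypothetical lookup by naming convention: Post -> PostPolicy.
    policy = Object.const_get("#{record.class.name}Policy")
    policy.new(record: record, **authorization_context).public_send(rule)
  end

  # Raises on denial, so a forgotten branch cannot let the action through.
  def authorize!(record, to:)
    raise Unauthorized, "#{to} denied" unless allowed_to?(to, record)
  end
end

Post = Struct.new(:author)
PostPolicy = Struct.new(:record, :user, keyword_init: true) do
  def update?
    record.author == user
  end
end

class PostService
  include SketchBehaviour
  attr_accessor :user
  # What `authorize :user` is assumed to register: context key => reader name.
  def self.authorization_targets
    { user: :user }
  end
end

# Constructed scenario: one service object outlives a change of user.
def stale_context_demo
  svc = PostService.new.tap { |s| s.user = "alice" }
  post = Post.new("alice")
  before = svc.allowed_to?(:update?, post) # memoizes { user: "alice" }
  svc.user = "bob"
  [before, svc.allowed_to?(:update?, post), svc.authorization_context]
end
```

Build a new including object per request or per user so the memoized context cannot outlive the identity it was computed for.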