module ActionPolicy::Policy::Authorization
Authorization
context could include multiple parameters.
It is possible to provide more verificatio contexts, by specifying them in the policy and providing them at the authorization step.
For example:
class ApplicationPolicy < ActionPolicy::Base # Add user and account to the context; it's required to be passed # to a policy constructor and be not nil authorize :user, :account # you can skip non-nil check if you want # authorize :account, allow_nil: true def manage? # available as a simple accessor account.enabled? end end ApplicantPolicy.new(user: user, account: account)
Attributes
Public Class Methods
included(base)
click to toggle source
# File lib/action_policy/policy/authorization.rb, line 39 def included(base) base.extend ClassMethods end
new(record = nil, **params)
click to toggle source
Calls superclass method
# File lib/action_policy/policy/authorization.rb, line 46 def initialize(record = nil, **params) super(record) @authorization_context = {} self.class.authorization_targets.each do |id, opts| raise AuthorizationContextMissing, id unless params.key?(id) || opts[:optional] val = params.fetch(id, nil) raise AuthorizationContextMissing, id if val.nil? && opts[:allow_nil] != true authorization_context[id] = instance_variable_set("@#{id}", val) end authorization_context.freeze end