module ActionPolicy::Policy::Authorization

Authorization context could include multiple parameters.

It is possible to provide more verificatio contexts, by specifying them in the policy and providing them at the authorization step.

For example:

class ApplicationPolicy < ActionPolicy::Base
  # Add user and account to the context; it's required to be passed
  # to a policy constructor and be not nil
  authorize :user, :account

  # you can skip non-nil check if you want
  # authorize :account, allow_nil: true

  def manage?
    # available as a simple accessor
    account.enabled?
  end
end

ApplicantPolicy.new(user: user, account: account)

Attributes

authorization_context[R]

Public Class Methods

included(base) click to toggle source
# File lib/action_policy/policy/authorization.rb, line 39
def included(base)
  base.extend ClassMethods
end
new(record = nil, **params) click to toggle source
Calls superclass method
# File lib/action_policy/policy/authorization.rb, line 46
def initialize(record = nil, **params)
  super(record)

  @authorization_context = {}

  self.class.authorization_targets.each do |id, opts|
    raise AuthorizationContextMissing, id unless params.key?(id) || opts[:optional]

    val = params.fetch(id, nil)

    raise AuthorizationContextMissing, id if val.nil? && opts[:allow_nil] != true

    authorization_context[id] = instance_variable_set("@#{id}", val)
  end

  authorization_context.freeze
end