module Pundit::ResourceController

Protected Instance Methods

context()
# File lib/pundit/resource_controller.rb, line 41
# Builds the context hash exposed by this controller.
#
# The +:policy_used+ entry is a callback: invoking it sets +@policy_used+ on
# the controller, which is the flag +enforce_policy_use+ later inspects.
# Calling the lambda only records that a policy was consulted; it performs no
# authorization itself, so it should be invoked solely from code that has
# actually run a policy check.
#
# @return [Hash] +:current_user+ and the +:policy_used+ callback
def context
  mark_policy_used = -> { @policy_used = true }

  {
    current_user: current_user,
    policy_used: mark_policy_used
  }
end
enforce_policy_use()
# File lib/pundit/resource_controller.rb, line 23
# Fail-closed guard: raises unless a policy was marked as used for this request.
#
# Two cases are exempt: the +@policy_used+ flag is already set (see the
# +:policy_used+ callback handed out by +context+), or the response status is
# in 400...600. Every other status, including 2xx and 3xx, must have the flag.
#
# NOTE(review): presumably wired up as an after-action callback; the
# registration is not visible here, so confirm it covers every action.
#
# @raise [Pundit::AuthorizationNotPerformedError] with "controller#action" as
#   the message when no policy use was recorded
# @return [nil]
def enforce_policy_use
  return if @policy_used

  # Client and server error responses are not held to the policy requirement.
  return if response.status.in?(400...600)

  endpoint = "#{params[:controller]}##{params[:action]}"
  raise Pundit::AuthorizationNotPerformedError, endpoint
end
reject_forbidden_request(error)
# File lib/pundit/resource_controller.rb, line 29
# Renders a JSON:API 403 response for a failed authorization.
#
# The detail message names the current action and a humanized form of the
# class of +error.record+ (e.g. "blog post" for a BlogPost instance).
#
# NOTE(review): the type is derived from +error.record.class+, so if the
# record is itself a class or is nil the message would read "class" or
# "nil class". Confirm which record values callers can pass.
# NOTE(review): a 403 that names the record type tells the caller the record
# exists; where existence is sensitive, a 404 may be preferable. Confirm
# against the API's disclosure policy.
#
# @param error [#record] the authorization error; only +record+ is read
def reject_forbidden_request(error)
  record_type = error.record.class.name.underscore.humanize(capitalize: false)
  action = params[:action]

  forbidden = JSONAPI::Error.new(
    code: JSONAPI::FORBIDDEN,
    status: :forbidden,
    title: "#{action.capitalize} Forbidden",
    detail: "You don't have permission to #{action} this #{record_type}.",
  )

  render json: { errors: [forbidden] }, status: 403
end