class Wallaby::PunditAuthorizationProvider
@note This authorization provider DOES NOT use the
{https://github.com/varvet/pundit#customize-pundit-user pundit_user} helper. It uses the one from {Wallaby::AuthenticationConcern#wallaby_user #wallaby_user} instead.
{github.com/varvet/pundit Pundit} base authorization provider.
Public Class Methods
Detect and see if Pundit is in use. @param context [ActionController::Base, ActionView::Base] @return [true] if Pundit is in use @return [false] otherwise
# File lib/authorizers/wallaby/pundit_authorization_provider.rb, line 13 def self.available?(context) defined?(Pundit) && context.respond_to?(:pundit_user) end
Public Instance Methods
Restrict user to assign certain values.
It will do a lookup in policy's methods and pick the first available method:
-
`attributes_for_#{action}`
-
`attributes_for`
@param action [Symbol, String] @param subject [Object] @return [Hash] field value paired hash that user's allowed to assign
# File lib/authorizers/wallaby/pundit_authorization_provider.rb, line 51 def attributes_for(action, subject) policy = Pundit.policy! user, subject policy.try("attributes_for_#{action}") || policy.try('attributes_for') || {} end
Restrict user for mass assignment.
It will do a lookup in policy's methods and pick the first available method:
-
`permitted_attributes_for_#{ action }`
-
`permitted_attributes`
@param action [Symbol, String] @param subject [Object] @return [Array] field list that user's allowed to change.
# File lib/authorizers/wallaby/pundit_authorization_provider.rb, line 65 def permit_params(action, subject) policy = Pundit.policy! user, subject # @see https://github.com/varvet/pundit/blob/master/lib/pundit.rb#L258 policy.try("permitted_attributes_for_#{action}") || policy.try('permitted_attributes') end
Protected Instance Methods
Convert action to pundit method name @param action [Symbol, String] @return [String] e.g. `create?`
# File lib/authorizers/wallaby/pundit_authorization_provider.rb, line 76 def normalize(action) "#{action}?".tr('??', '?') end