module Wallaby::Authorizable

Authorizer related attributes

Public Instance Methods

authorized?(action, subject) click to toggle source

Check if user is allowed to perform action on given subject @param action [Symbol, String] @param subject [Object, Class] @return [true] if allowed @return [false] if not allowed @since wallaby-5.2.0

# File lib/concerns/wallaby/authorizable.rb, line 69
def authorized?(action, subject)
  return false unless subject

  klass = subject.is_a?(Class) ? subject : subject.class
  authorizer_of(klass).authorized? action, subject
end
current_authorizer() click to toggle source

Model authorizer for current modal class.

It can be configured in following class attributes:
  • controller configuration {Wallaby::Authorizable::ClassMethods#model_authorizer .model_authorizer}

  • a generic authorizer based on {Wallaby::Authorizable::ClassMethods#application_authorizer .application_authorizer}

@return [Wallaby::ModelAuthorizer] model authorizer @since wallaby-5.2.0

# File lib/concerns/wallaby/authorizable.rb, line 56
def current_authorizer
  @current_authorizer ||=
    authorizer_of(current_model_class, controller_to_get(:model_authorizer)).tap do |authorizer|
      Logger.debug %(Current authorizer: #{authorizer.try(:class)}), sourcing: false
    end
end
unauthorized?(action, subject) click to toggle source

Check if user is allowed to perform action on given subject @param action [Symbol, String] @param subject [Object, Class] @return [true] if not allowed @return [false] if allowed @since wallaby-5.2.0

# File lib/concerns/wallaby/authorizable.rb, line 82
def unauthorized?(action, subject)
  !authorized? action, subject
end

Protected Instance Methods

authorizer_of(model_class, authorizer_class = nil) click to toggle source

@param model_class [Class] @param authorizer_class [Class, nil] @return [Wallaby::ModelAuthorizer] model authorizer for given model @since wallaby-5.2.0

# File lib/concerns/wallaby/authorizable.rb, line 92
def authorizer_of(model_class, authorizer_class = nil)
  authorizer_class ||= Map.authorizer_map(model_class, controller_to_get(:application_authorizer))
  authorizer_class.new model_class, self
end