class Wallaby::CancancanAuthorizationProvider

{github.com/CanCanCommunity/cancancan CanCanCan} base authorization provider.

@note This authorization provider DOES NOT use the existing
{https://www.rubydoc.info/github/CanCanCommunity/cancancan/CanCan%2FControllerAdditions:current_ability current_ability} helper. It builds and memoizes its own {#ability} instance, and only falls back to current_ability when that instance cannot be constructed (see {#ability}).

Attributes

ability[W]

@!attribute [w] ability

Public Class Methods

available?(context)

Detect whether CanCanCan is in use.
@param context [ActionController::Base, ActionView::Base]
@return [true] if CanCanCan is in use
@return [false] otherwise

# File lib/authorizers/wallaby/cancancan_authorization_provider.rb, line 13
def self.available?(context)
  defined?(CanCanCan) && context.respond_to?(:current_ability)
end

Public Instance Methods

ability()

@!attribute [r] ability
@return [Ability] the Ability instance for {#user user} (which is a {Wallaby::AuthenticationConcern#wallaby_user #wallaby_user}).
If `Ability.new(user)` cannot be built (the class is undefined or takes different constructor arguments), the controller's current_ability is returned instead; that fallback is not memoized.

# File lib/authorizers/wallaby/cancancan_authorization_provider.rb, line 23
def ability
  # Prefer an instance supplied through options[:ability], so a developer using a
  # different Ability class (e.g. UserAbility) can pass one in; otherwise default to Ability.new(user).
  @ability ||= options[:ability] || Ability.new(user)
rescue ArgumentError, NameError
  # Ability is not defined or has a different constructor signature: fall back to
  # CanCanCan's own current_ability helper (re-evaluated on every call, not cached).
  context.current_ability
end
accessible_for(action, scope)

Restrict the user to the records of a scope/query they may access.
@param action [Symbol, String]
@param scope [Object]
@return [Object] `scope.accessible_by(ability, action)` when the scope responds to accessible_by (ActiveRecord relations with CanCanCan loaded); otherwise the scope is returned unchanged, i.e. unrestricted. Do not rely on this method to filter collections that do not implement accessible_by.

# File lib/authorizers/wallaby/cancancan_authorization_provider.rb, line 59
def accessible_for(action, scope)
  # try returns nil when scope lacks #accessible_by, so the unfiltered scope is returned as-is
  scope.try(:accessible_by, ability, action) || scope
end
authorize(action, subject)

Check the user's permission for an action on the given subject.

This method is mostly used in controllers.
@param action [Symbol, String]
@param subject [Object, Class]
@raise [Wallaby::Forbidden] when the user is not authorized to perform the action.

# File lib/authorizers/wallaby/cancancan_authorization_provider.rb, line 37
def authorize(action, subject)
  ability.authorize! action, subject
rescue ::CanCan::AccessDenied
  # Log the denial with the inspected user and subject, then raise Wallaby's own error
  Logger.error <<~MESSAGE
    #{Utils.inspect user} is forbidden to perform #{action} on #{Utils.inspect subject}
  MESSAGE
  raise Forbidden
end
authorized?(action, subject)

Check whether the user is allowed to perform an action on the given subject.
@param action [Symbol, String]
@param subject [Object, Class]
@return [true] if the user is allowed to perform the action
@return [false] otherwise

# File lib/authorizers/wallaby/cancancan_authorization_provider.rb, line 51
def authorized?(action, subject)
  ability.can? action, subject
end
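The following is an added example, not code from Wallaby or CanCanCan: a self-contained stand-in for a CanCanCan-style Ability together with condensed versions of the provider's authorize, authorized? and accessible_for logic, run against constructed posts. It shows the behaviour a practitioner most needs to remember: a Forbidden raised from authorize, an injected ability via options[:ability], and accessible_for returning a plain Array unfiltered because it has no accessible_by. StubAbility, PostScope, Provider, Post and the data are all assumptions made for this illustration.

```ruby
# Added example (not Wallaby's or CanCanCan's own code): a self-contained
# stand-in for a CanCanCan-style Ability plus the provider's three permission
# methods, to show what each returns at the edges. StubAbility, PostScope,
# Provider and the posts below are all constructed for this illustration.

class AccessDenied < StandardError; end # stands in for CanCan::AccessDenied
class Forbidden < StandardError; end    # stands in for Wallaby::Forbidden

Post = Struct.new(:id, :author_id)

# Minimal rule engine: rules are [action, subject class or :all, optional block].
class StubAbility
  def initialize(user)
    @rules = []
    if user[:admin]
      can(:manage, :all)
    else
      # constructed policy: non-admins may only read their own posts
      can(:read, Post) { |post| post.author_id == user[:id] }
    end
  end

  def can(action, subject, &block)
    @rules << [action, subject, block]
  end

  # Class-level checks (can?(:read, Post)) ignore per-record conditions, as in CanCan.
  def can?(action, subject)
    klass = subject.is_a?(Class) ? subject : subject.class
    @rules.any? do |rule_action, rule_subject, condition|
      next false unless [action, :manage].include?(rule_action)
      next false unless rule_subject == :all || rule_subject == klass
      condition.nil? || subject.is_a?(Class) || condition.call(subject)
    end
  end

  def authorize!(action, subject)
    raise AccessDenied, "cannot #{action} #{subject.inspect}" unless can?(action, subject)
  end

  # CanCanCan applies rule conditions as SQL; here they are applied in Ruby.
  def filter(action, records)
    records.select { |record| can?(action, record) }
  end
end

# A scope that can restrict itself, like an ActiveRecord relation with CanCanCan loaded.
class PostScope
  def initialize(records)
    @records = records
  end

  def accessible_by(ability, action)
    ability.filter(action, @records)
  end
end

# Condensed form of the provider logic documented above.
class Provider
  def initialize(user, options = {})
    # options[:ability] lets the caller inject a different Ability, as #ability does
    @ability = options[:ability] || StubAbility.new(user)
  end

  def authorized?(action, subject)
    @ability.can?(action, subject)
  end

  def authorize(action, subject)
    @ability.authorize!(action, subject)
  rescue AccessDenied
    raise Forbidden
  end

  # Same shape as `scope.try(:accessible_by, ability, action) || scope`:
  # a scope without #accessible_by comes back unrestricted.
  def accessible_for(action, scope)
    scope.respond_to?(:accessible_by) ? scope.accessible_by(@ability, action) : scope
  end
end

POSTS = [Post.new(1, 10), Post.new(2, 20), Post.new(3, 10)].freeze # constructed data

def forbidden?(provider, action, subject)
  provider.authorize(action, subject)
  false
rescue Forbidden
  true
end

def demo
  alice = { id: 10, admin: false }
  provider = Provider.new(alice)
  {
    read_own: provider.authorized?(:read, POSTS[0]),
    read_other: provider.authorized?(:read, POSTS[1]),
    scoped_ids: provider.accessible_for(:read, PostScope.new(POSTS)).map(&:id),
    unscoped_count: provider.accessible_for(:read, POSTS).size, # plain Array: nothing filtered
    update_forbidden: forbidden?(provider, :update, POSTS[0]),
    admin_update: Provider.new({ id: 1, admin: true }).authorized?(:update, POSTS[1])
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The unscoped_count entry is the point to watch in a real deployment: when an index action hands accessible_for something other than an ActiveRecord relation, every record is returned, so the per-record check in authorize is the only thing standing between the user and another user's data.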
permit_params(action, subject)

Returns nil, as CanCanCan does not provide per-action attribute permitting.
@param action [Symbol, String]
@param subject [Object]
@return [nil]

# File lib/authorizers/wallaby/cancancan_authorization_provider.rb, line 74
def permit_params(action, subject)
  # Do nothing: CanCanCan has no attribute whitelist to consult, so nil is returned
end