lib/action_controller/metal/permissions_policy.rb



# frozen_string_literal: true

module ActionController # :nodoc:
  module PermissionsPolicy
    extend ActiveSupport::Concern

    module ClassMethods
      # Overrides parts of the globally configured +Feature-Policy+
      # header:
      #
      #   class PagesController < ApplicationController
      #     permissions_policy do |policy|
      #       policy.geolocation "https://example.com"
      #     end
      #   end
      #
      # Options can be passed similar to +before_action+. For example, pass
      # <tt>only: :index</tt> to override the header on the index action only:
      #
      #   class PagesController < ApplicationController
      #     permissions_policy(only: :index) do |policy|
      #       policy.camera :self
      #     end
      #   end
      #
      def permissions_policy(**options, &block)
        before_action(options) do
          if block_given?
            policy = request.permissions_policy.clone
            instance_exec(policy, &block)
            request.permissions_policy = policy
          end
        end
      end
    end
  end
end