module Pundit::Authorization

def authorize(record, query = nil, policy_class: nil)

Returns:
  • (Object) - Always returns the passed object record

Raises:
  • (NotAuthorizedError) - if the given query method returned false

Parameters:
  • policy_class (Class) -- the policy class we want to force use of
  • query (Symbol, String) -- the predicate method to check on the policy (e.g. `:show?`).
  • record (Object, Array) -- the object we're checking permissions of
# Checks whether the current user may perform +query+ on +record+ and marks
# this action as having gone through authorization.
#
# The "authorized" marker is set before the policy is consulted, so it records
# that a check was attempted, not that it passed. Code that rescues the
# resulting error must not read the marker as proof of access.
#
# @param record [Object, Array] the object we're checking permissions of
# @param query [Symbol, String, nil] the predicate method to check on the
#   policy (e.g. `:show?`); defaults to "#{action_name}?"
# @param policy_class [Class, nil] the policy class we want to force use of
# @raise [NotAuthorizedError] if the given query method returned false
#   (presumably raised inside Pundit.authorize; confirm against that method)
# @return [Object] whatever Pundit.authorize returns; documented as the
#   passed record
def authorize(record, query = nil, policy_class: nil)
  # Fall back to the predicate named after the running controller action.
  predicate = query || "#{action_name}?"

  # Flag first: verify_authorized only asks "was a check attempted?".
  @_pundit_policy_authorized = true

  Pundit.authorize(
    pundit_user,
    record,
    predicate,
    policy_class: policy_class,
    cache: policies
  )
end

def permitted_attributes(record, action = action_name)

Returns:
  • (Hash{String => Object}) - the permitted attributes

Parameters:
  • action (Symbol, String) -- the name of the action being performed on the record (e.g. `:update`).
  • record (Object) -- the object we're retrieving permitted attributes for

Other tags:
    See: https://github.com/varvet/pundit#strong-parameters -
# Filters the request params for +record+ down to the attributes its policy
# allows, which keeps mass assignment limited to a policy-defined allow-list.
#
# The policy may define an action-specific list
# (`permitted_attributes_for_<action>`); otherwise the generic
# `permitted_attributes` list is used. The method name is built from +action+,
# so only a name carrying that fixed prefix, and which the policy responds to,
# is ever dispatched, and `public_send` does not reach private methods.
#
# @param record [Object] the object we're retrieving permitted attributes for
# @param action [Symbol, String] the name of the action being performed on the
#   record (e.g. `:update`); defaults to the controller's action_name
# @return [Hash{String => Object}] the permitted attributes
# @see https://github.com/varvet/pundit#strong-parameters
def permitted_attributes(record, action = action_name)
  record_policy = policy(record)

  action_specific = "permitted_attributes_for_#{action}"
  selector = "permitted_attributes"
  selector = action_specific if record_policy.respond_to?(action_specific)

  # Fetch the params first, then ask the policy for its allow-list.
  scoped_params = pundit_params_for(record)
  scoped_params.permit(*record_policy.public_send(selector))
end

def policies

Other tags:
    Api: - private
# Cache of policies, lazily created on first use and stored in
# @_pundit_policies. Handed to Pundit.authorize as its cache and used by
# #policy for memoization.
#
# @api private
# @return [Hash] the memoized cache hash
def policies
  return @_pundit_policies if @_pundit_policies

  @_pundit_policies = {}
end

def policy(record)

Returns:
  • (Object, nil) - instance of policy class with query methods

Parameters:
  • record (Object) -- the object we're retrieving the policy for

Other tags:
    See: https://github.com/varvet/pundit#policies -
# Retrieves the policy for +record+, building it with Pundit.policy! on first
# use and memoizing it in #policies.
#
# The cached policy keeps the pundit_user it was built with; later calls for
# the same record return that instance without consulting pundit_user again.
#
# @param record [Object] the object we're retrieving the policy for
# @return [Object, nil] instance of policy class with query methods
# @see https://github.com/varvet/pundit#policies
def policy(record)
  cache = policies
  cached = cache[record]
  return cached if cached

  cache[record] = Pundit.policy!(pundit_user, record)
end

def policy_scope(scope, policy_scope_class: nil)

Returns:
  • (Scope{#resolve}, nil) - instance of scope class which can resolve to a scope

Parameters:
  • policy_scope_class (Class) -- the policy scope class we want to force use of
  • scope (Object) -- the object we're retrieving the policy scope for

Other tags:
    See: https://github.com/varvet/pundit#scopes -
# Resolves +scope+ through a policy scope and marks this action as having
# been scoped.
#
# The "scoped" marker is set before anything is resolved, so it records that
# scoping was requested, not that it succeeded. When +policy_scope_class+ is
# given it is instantiated directly and the per-scope cache is not used.
#
# @param scope [Object] the object we're retrieving the policy scope for
# @param policy_scope_class [Class, nil] the policy scope class we want to
#   force use of
# @return [Scope{#resolve}, nil] instance of scope class which can resolve to
#   a scope
# @see https://github.com/varvet/pundit#scopes
def policy_scope(scope, policy_scope_class: nil)
  @_pundit_policy_scoped = true
  return pundit_policy_scope(scope) unless policy_scope_class

  forced_scope = policy_scope_class.new(pundit_user, scope)
  forced_scope.resolve
end

def policy_scopes

Other tags:
    Api: - private
# Cache of resolved policy scopes, lazily created on first use and stored in
# @_pundit_policy_scopes. Used by #pundit_policy_scope for memoization.
#
# @api private
# @return [Hash] the memoized cache hash
def policy_scopes
  return @_pundit_policy_scopes if @_pundit_policy_scopes

  @_pundit_policy_scopes = {}
end

def pundit_params_for(record)

Returns:
  • (ActionController::Parameters) - the params

Parameters:
  • record (Object) -- the object we're retrieving params for
# Retrieves the params for +record+ by requiring the key that PolicyFinder
# derives for it (`param_key`) from the controller's params.
#
# @param record [Object] the object we're retrieving params for
# @return [ActionController::Parameters] the params
def pundit_params_for(record)
  request_params = params
  root_key = PolicyFinder.new(record).param_key
  request_params.require(root_key)
end

def pundit_policy_authorized?

Returns:
  • (Boolean) - whether authorization has been performed, i.e. whether `authorize` or `skip_authorization` has been called
# Reports whether the authorization marker is set for this action.
#
# The marker is set by #authorize (true) and #skip_authorization (:skipped);
# both values are truthy, so an explicit skip also counts here.
#
# @return [Boolean] whether authorization has been performed or skipped
def pundit_policy_authorized?
  @_pundit_policy_authorized ? true : false
end

def pundit_policy_scope(scope)

# Resolves +scope+ with Pundit.policy_scope! on first use and memoizes the
# result in #policy_scopes.
#
# The cached result was resolved for the pundit_user at the time of the first
# call; later calls for the same scope return it as-is.
#
# @param scope [Object] the object we're retrieving the policy scope for
# @return [Object] the cached or freshly resolved result of
#   Pundit.policy_scope!
def pundit_policy_scope(scope)
  cache = policy_scopes
  cached = cache[scope]
  return cached if cached

  cache[scope] = Pundit.policy_scope!(pundit_user, scope)
end

def pundit_policy_scoped?

Returns:
  • (Boolean) - whether policy scoping has been performed, i.e. whether `policy_scope` or `skip_policy_scope` has been called
# Reports whether the policy-scoping marker is set for this action.
#
# The marker is set by #policy_scope (true) and #skip_policy_scope (:skipped);
# both values are truthy, so an explicit skip also counts here.
#
# @return [Boolean] whether policy scoping has been performed or skipped
def pundit_policy_scoped?
  @_pundit_policy_scoped ? true : false
end

def pundit_user

Returns:
  • (Object) - the user object to be used with pundit

Other tags:
    See: https://github.com/varvet/pundit#customize-pundit-user -
# Hook that supplies the user passed to every policy and policy scope built
# by this module. By default it is whatever current_user returns.
#
# Every authorization decision made through this module is evaluated for this
# object, so an override must return the identity the request actually
# authenticated as.
#
# @return [Object] the user object to be used with pundit
# @see https://github.com/varvet/pundit#customize-pundit-user
def pundit_user
  acting_user = current_user
  acting_user
end

def skip_authorization

Returns:
  • (void) -

Other tags:
    See: https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used -
# Explicitly opts this action out of authorization.
#
# Stores :skipped in the authorization marker. That value is truthy, so
# #pundit_policy_authorized? reports true and #verify_authorized will not
# raise even though no policy was consulted. Each call site is therefore a
# place where the verify_authorized safety net is switched off.
#
# @return [void]
# @see https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used
def skip_authorization
  marker = :skipped
  @_pundit_policy_authorized = marker
end

def skip_policy_scope

Returns:
  • (void) -

Other tags:
    See: https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used -
# Explicitly opts this action out of policy scoping.
#
# Stores :skipped in the scoping marker. That value is truthy, so
# #pundit_policy_scoped? reports true and #verify_policy_scoped will not
# raise even though no scope was resolved. Each call site is therefore a
# place where the verify_policy_scoped safety net is switched off.
#
# @return [void]
# @see https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used
def skip_policy_scope
  marker = :skipped
  @_pundit_policy_scoped = marker
end

def verify_authorized

Returns:
  • (void) -

Raises:
  • (AuthorizationNotPerformedError) - if authorization has not been performed

Other tags:
    See: https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used -
# Safety net that fails the action when no authorization step ran.
#
# It only proves that #authorize or #skip_authorization was called during
# this action; it cannot tell whether the right record or query was checked.
#
# @raise [AuthorizationNotPerformedError] if authorization has not been
#   performed
# @return [void]
# @see https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used
def verify_authorized
  return if pundit_policy_authorized?

  # The controller class is passed along as the error's message argument.
  raise AuthorizationNotPerformedError, self.class
end

def verify_policy_scoped

Returns:
  • (void) -

Raises:
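  • (AuthorizationNotPerformedError) - if policy scoping has not been performed; the listing below raises the more specific PolicyScopingNotPerformedError, which upstream Pundit defines as a subclass of AuthorizationNotPerformedError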

Other tags:
    See: https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used -
# Safety net that fails the action when no policy scoping step ran.
#
# It only proves that #policy_scope or #skip_policy_scope was called during
# this action; it cannot tell whether the data actually returned went through
# the resolved scope.
#
# @raise [PolicyScopingNotPerformedError] if policy scoping has not been
#   performed
# @return [void]
# @see https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used
def verify_policy_scoped
  return if pundit_policy_scoped?

  # The controller class is passed along as the error's message argument.
  raise PolicyScopingNotPerformedError, self.class
end