class Pundit::Context

end
end
context.authorize(Post.find(id), query: :show?)
r.get "posts", Integer do |id|
context = Pundit::Context.new(user:)
route do |r|
@example Using [Roda](https://roda.jeremyevans.net/index.html)
end
pundit.authorize(Post.find(id), query: :show?)
get "/posts/:id" do |id|
end
end
@pundit ||= Pundit::Context.new(user: current_user)
def pundit
def current_user = …
helpers do
@example Using Sinatra
it is then used to perform authorization checks throughout the request.
{Pundit::Context} is intended to be created once per request and user, and

def authorize(possibly_namespaced_record, query:, policy_class:)

Returns:
  • (Object) - Always returns the passed object record

Raises:
  • (NotAuthorizedError) - if the given query method returned false

Parameters:
  • policy_class (Class) -- the policy class we want to force use of
  • query (Symbol, String) -- the predicate method to check on the policy (e.g. `:show?`)
  • possibly_namespaced_record (Object, Array) -- the object we're checking permissions of
# Checks whether the context's user may perform +query+ on a record and
# raises when the policy refuses.
#
# The policy is +policy_class.new(user, record)+ when +policy_class+ is truthy;
# otherwise it is looked up with {#policy!} from the original (possibly
# namespaced) argument.
#
# NOTE(review): +query+ is dispatched with +public_send+, so any public method
# of the policy object can be reached through it. Pass a fixed predicate name
# (e.g. +:show?+) rather than a value derived from request input.
#
# @param possibly_namespaced_record [Object, Array] the record, or an array
#   whose last element is the record
# @param query [Symbol, String] the predicate method to call on the policy
# @param policy_class [Class, nil] policy class to force; falsy means look it up
# @raise [NotAuthorizedError] if the query method returns a falsy value
#   (+false+ or +nil+)
# @return [Object] the record (the last element when an array was passed)
def authorize(possibly_namespaced_record, query:, policy_class:)
  record = pundit_model(possibly_namespaced_record)
  policy = policy_class ? policy_class.new(user, record) : policy!(possibly_namespaced_record)
  return record if policy.public_send(query)

  raise NotAuthorizedError, query: query, record: record, policy: policy
end

def cached_find(record)

Raises:
  • (InvalidConstructorError) - if policy can't be instantiated

Returns:
  • (Policy, nil) - an instantiated policy

Other tags:
    Yieldreturn: -

Other tags:
    Yieldparam: policy_finder -

Other tags:
    Yield: - a policy finder if no policy was cached

Parameters:
  • record (Object) -- the object we're retrieving the policy for

Other tags:
    Api: - private
# Fetches the policy for +record+ from the policy cache, building it on a miss.
#
# The cache is asked with the key +user:+ / +record:+. When it runs the block,
# the caller's block receives a policy finder and returns the policy class
# (or a falsy value, in which case the block yields +nil+ to the cache).
#
# The constructor call is the only statement under +rescue+, so an
# +ArgumentError+ raised anywhere inside +klass.new+ is reported as an
# invalid constructor.
#
# @api private
# @param record [Object] the object we're retrieving the policy for
# @yield a policy finder if no policy was cached
# @yieldparam policy_finder [PolicyFinder]
# @yieldreturn [Class, nil] the policy class to instantiate
# @raise [InvalidConstructorError] if the policy can't be instantiated
# @return [Object, nil] whatever the cache store's +fetch+ returns
def cached_find(record)
  policy_cache.fetch(user: user, record: record) do
    policy_class = yield policy_finder(record)
    if policy_class
      target = pundit_model(record)
      begin
        policy_class.new(user, target)
      rescue ArgumentError
        raise InvalidConstructorError, "Invalid #<#{policy_class}> constructor is called"
      end
    end
  end
end

def initialize(user:, policy_cache: CacheStore::NullStore.instance)

Parameters:
  • policy_cache (#fetch) -- cache store for policies (see e.g. {CacheStore::NullStore})
  • user () -- later passed to policies and scopes

Other tags:
    See: Pundit::Authorization#pundit -
# Stores the user and the policy cache this context works with.
#
# NOTE(review): the policy cache is queried with a +user:+ / +record:+ key; if a
# custom store outlives a single request, previously built policy objects would
# presumably be reused - confirm the lifetime of any store passed here.
#
# @see Pundit::Authorization#pundit
# @param user later passed to policies and scopes
# @param policy_cache [#fetch] cache store for policies
#   (see e.g. {CacheStore::NullStore})
def initialize(user:, policy_cache: CacheStore::NullStore.instance)
  @user, @policy_cache = user, policy_cache
end

def policy(record)

Returns:
  • (Object, nil) - instance of policy class with query methods

Raises:
  • (InvalidConstructorError) - if the policy constructor is called incorrectly

Parameters:
  • record (Object) -- the object we're retrieving the policy for

Other tags:
    See: https://github.com/varvet/pundit#policies -
# Retrieves the policy for the given record through {#cached_find}, asking the
# policy finder for its non-raising +policy+ lookup.
#
# Callers must handle a +nil+ result themselves; nothing here treats a missing
# policy as a denial.
#
# @see https://github.com/varvet/pundit#policies
# @param record [Object] the object we're retrieving the policy for
# @raise [InvalidConstructorError] if the policy constructor is called incorrectly
# @return [Object, nil] instance of policy class with query methods
def policy(record)
  cached_find(record) { |finder| finder.policy }
end

def policy!(record)

Returns:
  • (Object) - instance of policy class with query methods

Raises:
  • (InvalidConstructorError) - if the policy constructor is called incorrectly
  • (NotDefinedError) - if the policy cannot be found

Parameters:
  • record (Object) -- the object we're retrieving the policy for

Other tags:
    See: https://github.com/varvet/pundit#policies -
# Retrieves the policy for the given record through {#cached_find}, asking the
# policy finder for its +policy!+ lookup.
#
# @see https://github.com/varvet/pundit#policies
# @param record [Object] the object we're retrieving the policy for
# @raise [NotDefinedError] if the policy cannot be found
# @raise [InvalidConstructorError] if the policy constructor is called incorrectly
# @return [Object] instance of policy class with query methods
def policy!(record)
  cached_find(record) { |finder| finder.policy! }
end

def policy_finder(record)

Returns:
  • (PolicyFinder) -

Other tags:
    Api: - private
# Wraps +record+ in a new policy finder.
#
# @api private
# @param record [Object] the object handed to the finder
# @return [PolicyFinder]
def policy_finder(record) = PolicyFinder.new(record)

def policy_scope(scope)

Returns:
  • (Scope{#resolve}, nil) - instance of scope class which can resolve to a scope

Raises:
  • (InvalidConstructorError) - if the policy constructor is called incorrectly

Parameters:
  • scope (Object) -- the object we're retrieving the policy scope for

Other tags:
    See: https://github.com/varvet/pundit#scopes -
# Resolves the policy scope for +scope+, or returns +nil+ when the policy
# finder reports no scope class.
#
# The scope class is instantiated with the user and the model extracted by
# {#pundit_model}; the value returned is the result of calling +resolve+ on
# that instance.
#
# NOTE(review): a +nil+ return means "no scope class found", not "nothing to
# restrict". Callers that need a missing scope to fail loudly should use
# {#policy_scope!} instead.
#
# @see https://github.com/varvet/pundit#scopes
# @param scope [Object] the object we're retrieving the policy scope for
# @raise [InvalidConstructorError] if constructing the scope class raises
#   +ArgumentError+
# @return [Object, nil] the result of the scope instance's +resolve+, or +nil+
def policy_scope(scope)
  scope_class = policy_finder(scope).scope
  return unless scope_class

  resolver =
    begin
      scope_class.new(user, pundit_model(scope))
    rescue ArgumentError
      raise InvalidConstructorError, "Invalid #<#{scope_class}> constructor is called"
    end
  resolver.resolve
end

def policy_scope!(scope)

Returns:
  • (Scope{#resolve}) - instance of scope class which can resolve to a scope

Raises:
  • (InvalidConstructorError) - if the policy constructor is called incorrectly
  • (NotDefinedError) - if the policy scope cannot be found

Parameters:
  • scope (Object) -- the object we're retrieving the policy scope for

Other tags:
    See: https://github.com/varvet/pundit#scopes -
# Resolves the policy scope for +scope+, using the policy finder's +scope!+
# lookup.
#
# The scope class is instantiated with the user and the model extracted by
# {#pundit_model}; the value returned is the result of calling +resolve+ on
# that instance.
#
# @see https://github.com/varvet/pundit#scopes
# @param scope [Object] the object we're retrieving the policy scope for
# @raise [NotDefinedError] if the policy scope cannot be found
# @raise [InvalidConstructorError] if constructing the scope class raises
#   +ArgumentError+
# @return [Object] the result of the scope instance's +resolve+
def policy_scope!(scope)
  scope_class = policy_finder(scope).scope!
  resolver =
    begin
      scope_class.new(user, pundit_model(scope))
    rescue ArgumentError
      raise InvalidConstructorError, "Invalid #<#{scope_class}> constructor is called"
    end
  resolver.resolve
end

def pundit_model(record)

Other tags:
    Api: - private
# Extracts the model from a possibly namespaced record: for an Array the last
# element is the model, anything else is returned unchanged.
#
# @api private
# @param record [Object, Array] a record, or an array ending with the record
# @return [Object, nil] the model (+nil+ for an empty array)
def pundit_model(record)
  return record unless record.is_a?(Array)

  record.last
end