module Pundit::Authorization

def authorize(record, query = nil, policy_class: nil)

Other tags:
    See: #verify_authorized -
    See: Pundit::Context#authorize -

Returns:
  • (record) - Always returns the passed object record

Raises:
  • (NotAuthorizedError) - if the given query method returned false

Parameters:
  • policy_class (Class) -- the policy class we want to force use of
  • query (Symbol, String) -- the predicate method to check on the policy (e.g. `:show?`).
  • record (Object, Array) -- the object we're checking permissions of
# Runs the policy check for +record+ and marks this controller instance as
# having attempted authorization.
#
# @param record [Object, Array] the object whose permissions are checked
# @param query [Symbol, String, nil] policy predicate such as +:show?+; when
#   nil it is derived from the controller's +action_name+
# @param policy_class [Class, nil] policy class to force; passed through
#   unchanged
# @return [Object] whatever +pundit.authorize+ returns (documented as the
#   passed record)
# @raise [NotAuthorizedError] documented for a false predicate; raised by the
#   delegate, not by any line in this method
def authorize(record, query = nil, policy_class: nil)
  predicate = query || "#{action_name}?"
  # Set before delegating, so the flag stays set even when the check raises.
  # verify_authorized therefore only proves that some authorize call ran, not
  # that it covered the right record or predicate.
  @_pundit_policy_authorized = true
  pundit.authorize(record, query: predicate, policy_class: policy_class)
end

def permitted_attributes(record, action = action_name)

Returns:
  • (Hash{String => Object}) - the permitted attributes

Parameters:
  • action (Symbol, String) -- the name of the action being performed on the record (e.g. `:update`).
  • record (Object) -- the object we're retrieving permitted attributes for

Other tags:
    See: https://github.com/varvet/pundit#strong-parameters -
# Filters the request params for +record+ down to the attribute list its
# policy returns (the strong-parameters allow-list).
#
# The policy method used is +permitted_attributes_for_<action>+ when the
# policy responds to it, otherwise +permitted_attributes+. +respond_to?+ is
# called without the include-private flag and the call goes through
# +public_send+, so only public policy methods are reachable.
# NOTE(review): +action+ is interpolated into the method name; keep it sourced
# from the controller action rather than from request data.
#
# This looks the policy up but does not call #authorize and does not set the
# authorization flag, so it is not a substitute for an authorize call.
#
# @param record [Object] the object whose permitted attributes are wanted
# @param action [Symbol, String] action name, defaults to +action_name+
# @return [Object] the result of +permit+ on the required params (documented
#   as Hash{String => Object})
def permitted_attributes(record, action = action_name)
  record_policy = policy(record)
  action_specific = "permitted_attributes_for_#{action}"
  chosen = record_policy.respond_to?(action_specific) ? action_specific : "permitted_attributes"
  # Fetch the required params first, then ask the policy for its allow-list.
  required = pundit_params_for(record)
  required.permit(*record_policy.public_send(chosen))
end

def policies

Other tags:
    Api: - private
# Lazily created Hash held in +@_pundit_policies+; the same object is returned
# on every call until the instance variable is cleared (see #pundit_reset!).
# #pundit wraps it as the policy cache for the context.
#
# @api private
# @return [Hash] the cache hash for this controller instance
def policies
  @_pundit_policies = {} unless @_pundit_policies
  @_pundit_policies
end

def policy(record)

Returns:
  • (Object) - instance of policy class with query methods

Parameters:
  • record (Object) -- the object we're retrieving the policy for

Other tags:
    See: https://github.com/varvet/pundit#policies -
# Looks up the policy instance for +record+ through the memoized context.
#
# Fetching a policy is not an authorization check: nothing here sets
# +@_pundit_policy_authorized+, so #verify_authorized is unaffected.
#
# @param record [Object] the object to find a policy for
# @return [Object] whatever +policy!+ on the context returns (documented as a
#   policy instance with query methods)
def policy(record)
  context = pundit
  context.policy!(record)
end

def policy_scope(scope, policy_scope_class: nil)

Returns:
  • (#resolve, nil) - instance of scope class which can resolve to a scope

Parameters:
  • policy_scope_class (#resolve) -- the policy scope class we want to force use of
  • scope (Object) -- the object we're retrieving the policy scope for

Other tags:
    See: https://github.com/varvet/pundit#scopes -
# Resolves +scope+ through a policy scope and marks this controller instance
# as having performed scoping.
#
# With +policy_scope_class+ given, a new instance is built from +pundit_user+
# and +scope+ and resolved on every call; that path is not memoized and does
# not go through the #pundit context. Otherwise the memoized
# #pundit_policy_scope result is used.
#
# The flag is set before anything is resolved, so #verify_policy_scoped only
# proves that this method was called, not that the data the action returned
# came from the resolved scope.
#
# @param scope [Object] the object to scope
# @param policy_scope_class [#resolve, nil] scope class to force
# @return [Object, nil] the resolved scope
def policy_scope(scope, policy_scope_class: nil)
  @_pundit_policy_scoped = true
  return pundit_policy_scope(scope) unless policy_scope_class

  policy_scope_class.new(pundit_user, scope).resolve
end

def policy_scopes

Other tags:
    Api: - private
# Lazily created Hash held in +@_pundit_policy_scopes+; #pundit_policy_scope
# stores resolved scopes in it, keyed by the scope object.
#
# @api private
# @return [Hash] the scope cache for this controller instance
def policy_scopes
  @_pundit_policy_scopes = {} unless @_pundit_policy_scopes
  @_pundit_policy_scopes
end

def pundit

Other tags:
    See: #policies -
    See: #pundit_user -

Returns:
  • (Pundit::Context) -

Other tags:
    Api: - public

Other tags:
    Note: - this method is memoized and will return the same instance during the request.
# Memoized Pundit::Context for this controller instance.
#
# The context is built once from the value #pundit_user returns at that
# moment and from the #policies hash wrapped in a LegacyStore. Later calls
# return the stored instance without re-reading #pundit_user, so a user that
# changes mid-request keeps being evaluated as the old one until
# #pundit_reset! is called.
#
# @api public
# @return [Pundit::Context]
def pundit
  return @pundit if @pundit

  acting_user = pundit_user
  cache = Pundit::CacheStore::LegacyStore.new(policies)
  @pundit = Pundit::Context.new(user: acting_user, policy_cache: cache)
end

def pundit_params_for(record)

Returns:
  • (ActionController::Parameters) - the params

Parameters:
  • record (Object) -- the object we're retrieving params for
# Returns the nested request params for +record+, using the key that
# PolicyFinder derives from it.
#
# The result comes straight from +params.require+ and has not been through
# +permit+; #permitted_attributes applies the policy's allow-list afterwards.
#
# @param record [Object] the object to fetch params for
# @return [ActionController::Parameters] the params under the derived key
#   (as documented; the type is not visible in this method)
def pundit_params_for(record)
  request_params = params
  key = PolicyFinder.new(record).param_key
  request_params.require(key)
end

def pundit_policy_authorized?

Other tags:
    See: #skip_authorization -
    See: #authorize -

Returns:
  • (Boolean) - whether or not authorization has been performed
# Reports whether the authorization flag is set on this controller instance.
#
# The flag is truthy after #authorize (which stores +true+) and after
# #skip_authorization (which stores +:skipped+); both read as +true+ here, so
# callers cannot tell a performed check from a skipped one through this
# predicate.
#
# @return [Boolean]
def pundit_policy_authorized?
  @_pundit_policy_authorized ? true : false
end

def pundit_policy_scope(scope)

Other tags:
    Api: - private

Other tags:
    See: Pundit::Helper#policy_scope -

Other tags:
    Note: - This also memoizes the instance with `scope` as the key.
# Resolves +scope+ through the context and memoizes the result in
# #policy_scopes with +scope+ as the key.
#
# A cached truthy value is returned without calling the context again, so the
# result reflects the context (and its user) at the time of the first call;
# #pundit_reset! drops the cache. A nil or false result is not retained and
# is resolved again on the next call.
#
# @api private
# @param scope [Object] the object to scope
# @return [Object] the cached or freshly resolved scope
def pundit_policy_scope(scope)
  cache = policy_scopes
  cached = cache[scope]
  return cached if cached

  cache[scope] = pundit.policy_scope!(scope)
end

def pundit_policy_scoped?

Other tags:
    See: #skip_policy_scope -
    See: #policy_scope -

Returns:
  • (Boolean) - whether or not policy scoping has been performed
# Reports whether the policy-scoping flag is set on this controller instance.
#
# The flag is truthy after #policy_scope (which stores +true+) and after
# #skip_policy_scope (which stores +:skipped+); both read as +true+ here.
#
# @return [Boolean]
def pundit_policy_scoped?
  @_pundit_policy_scoped ? true : false
end

def pundit_reset!

Returns:
  • (void) -
# Clears all Pundit state held on this controller instance: the memoized
# context, both caches, and both "performed" flags.
#
# Because the flags are cleared too, #verify_authorized and
# #verify_policy_scoped will raise after a reset unless #authorize /
# #policy_scope (or the skip methods) are called again.
#
# @return [void]
def pundit_reset!
  # Context and caches, rebuilt lazily on next use.
  @pundit = @_pundit_policies = @_pundit_policy_scopes = nil
  # Verification flags.
  @_pundit_policy_authorized = @_pundit_policy_scoped = nil
end

def pundit_user

Returns:
  • (Object) - the user object to be used with pundit

Other tags:
    See: #pundit_reset! -
    See: #pundit -
    See: https://github.com/varvet/pundit#customize-pundit-user -

Other tags:
    Note: - Make sure to call `pundit_reset!` if this changes during a request.
# The user object handed to Pundit; here it is simply +current_user+.
#
# #pundit reads this once when it builds its memoized context, so if the
# value changes during a request, call #pundit_reset! before the next policy
# or scope lookup.
#
# @return [Object] the user object to be used with pundit
def pundit_user
  acting_user = current_user
  acting_user
end

def skip_authorization

Other tags:
    See: #verify_authorized -
    See: https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used -

Returns:
  • (void) -
# Marks authorization as deliberately skipped for this controller instance.
#
# The flag is set to +:skipped+, which is truthy, so #verify_authorized will
# not raise afterwards. No policy is consulted here; the call is an explicit
# opt-out and every call site should be an action that is meant to be open.
#
# @return [void] (the assigned marker is the incidental return value)
def skip_authorization
  marker = :skipped
  @_pundit_policy_authorized = marker
end

def skip_policy_scope

Other tags:
    See: #verify_policy_scoped -
    See: https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used -

Returns:
  • (void) -
# Marks policy scoping as deliberately skipped for this controller instance.
#
# The flag is set to +:skipped+, which is truthy, so #verify_policy_scoped
# will not raise afterwards. No scope is resolved here; the call is an
# explicit opt-out for actions that do not need a scoped collection.
#
# @return [void] (the assigned marker is the incidental return value)
def skip_policy_scope
  marker = :skipped
  @_pundit_policy_scoped = marker
end

def verify_authorized

Other tags:
    See: #skip_authorization -
    See: #authorize -
    See: https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used -

Returns:
  • (void) -

Raises:
  • (AuthorizationNotPerformedError) - if authorization has not been performed
# Raises unless the authorization flag is set on this controller instance.
#
# Only the flag is inspected: it is truthy after any #authorize call and
# after #skip_authorization, so this does not confirm which record or
# predicate was checked.
# NOTE(review): if this is wired as an after_action, as the linked README
# section suggests, the action has already run when this raises; treat it as
# a safety net for forgotten authorize calls, not as the access check itself.
#
# @return [void]
# @raise [AuthorizationNotPerformedError] when the flag is not set; the
#   controller class is passed as the error argument
def verify_authorized
  return if pundit_policy_authorized?

  raise AuthorizationNotPerformedError, self.class
end

def verify_policy_scoped

Other tags:
    See: #skip_policy_scope -
    See: #policy_scope -
    See: https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used -

Returns:
  • (void) -

Raises:
  • (AuthorizationNotPerformedError) - if policy scoping has not been performed; the source below raises PolicyScopingNotPerformedError specifically
# Raises unless the policy-scoping flag is set on this controller instance.
#
# Only the flag is inspected: it is truthy after any #policy_scope call and
# after #skip_policy_scope, so this does not confirm that the data the action
# returned actually came from the resolved scope.
#
# @return [void]
# @raise [PolicyScopingNotPerformedError] when the flag is not set; the
#   controller class is passed as the error argument
def verify_policy_scoped
  return if pundit_policy_scoped?

  raise PolicyScopingNotPerformedError, self.class
end