Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make Pundit#authorize a module method. #227

Closed
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 13 additions & 10 deletions lib/pundit.rb
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,18 @@ class NotDefinedError < StandardError; end
extend ActiveSupport::Concern

class << self
def authorize(user, record, query, policy = nil)
policy ||= policy!(user, record)
unless policy.public_send(query)
error = NotAuthorizedError.new("not allowed to #{query} this #{record}")
error.query, error.record, error.policy = query, record, policy

raise error
end

true
end

def policy_scope(user, scope)
policy_scope = PolicyFinder.new(scope).scope
policy_scope.new(user, scope).resolve if policy_scope
Expand Down Expand Up @@ -65,16 +77,7 @@ def verify_policy_scoped
def authorize(record, query=nil)
query ||= params[:action].to_s + "?"
@_pundit_policy_authorized = true

policy = policy(record)
unless policy.public_send(query)
error = NotAuthorizedError.new("not allowed to #{query} this #{record}")
error.query, error.record, error.policy = query, record, policy

raise error
end

true
Pundit.authorize(pundit_user, record, query, policy(record))
end

def policy_scope(scope)
Expand Down
44 changes: 36 additions & 8 deletions spec/pundit_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,32 @@
let(:artificial_blog) { ArtificialBlog.new }
let(:article_tag) { ArticleTag.new }

describe ".authorize" do
it "infers the policy and authorizes based on it" do
expect(Pundit.authorize(user, post, :update?)).to be_truthy
end

it "works with anonymous class policies" do
expect(Pundit.authorize(user, article_tag, :show?)).to be_truthy
expect { Pundit.authorize(user, article_tag, :destroy?) }.to raise_error(Pundit::NotAuthorizedError)
end

it "raises an error with a query and action" do
expect { Pundit.authorize(user, post, :destroy?) }.to raise_error(Pundit::NotAuthorizedError) do |error|
expect(error.query).to eq :destroy?
expect(error.record).to eq post
expect(error.policy).to eq Pundit.policy(user, post)
end
end

it "uses the specified optional policy instance" do
denier = DenierPolicy.new(nil, nil)
expect { Pundit.authorize(user, post, :update?, denier) }.to raise_error(Pundit::NotAuthorizedError) do |error|
expect(error.policy).to eq denier
end
end
end

describe ".policy_scope" do
it "returns an instantiated policy scope given a plain model class" do
expect(Pundit.policy_scope(user, Post)).to eq :published
Expand Down Expand Up @@ -166,7 +192,7 @@
end

describe "#authorize" do
it "infers the policy name and authorized based on it" do
it "infers the policy name and authorizes based on it" do
expect(controller.authorize(post)).to be_truthy
end

Expand All @@ -180,16 +206,18 @@
expect { controller.authorize(article_tag, :destroy?) }.to raise_error(Pundit::NotAuthorizedError)
end

it "raises an error when the permission check fails" do
it "throws an exception when the permission check fails" do
expect { controller.authorize(Post.new) }.to raise_error(Pundit::NotAuthorizedError)
end

it "raises an error with a query and action" do
expect { controller.authorize(post, :destroy?) }.to raise_error do |error|
expect(error.query).to eq :destroy?
expect(error.record).to eq post
expect(error.policy).to eq controller.policy(post)
end
it "throws an exception when a policy cannot be found" do
expect { controller.authorize(Article) }.to raise_error(Pundit::NotDefinedError)
end

it "caches the policy" do
expect(controller.policies[post]).to be_nil
controller.authorize(post)
expect(controller.policies[post]).not_to be_nil
end
end

Expand Down
6 changes: 6 additions & 0 deletions spec/spec_helper.rb
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,12 @@ def destroy?

class DashboardPolicy < Struct.new(:user, :dashboard); end

class DenierPolicy < Struct.new(:user, :record)
def update?
false
end
end

class Controller
include Pundit

Expand Down