piko-pro-gem 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/piko-pro-gem.gemspec +12 -0
- data/pundit-2.5.2/CHANGELOG.md +196 -0
- data/pundit-2.5.2/CONTRIBUTING.md +31 -0
- data/pundit-2.5.2/LICENSE.txt +22 -0
- data/pundit-2.5.2/README.md +891 -0
- data/pundit-2.5.2/SECURITY.md +19 -0
- data/pundit-2.5.2/config/rubocop-rspec.yml +5 -0
- data/pundit-2.5.2/lib/generators/pundit/install/USAGE +2 -0
- data/pundit-2.5.2/lib/generators/pundit/install/install_generator.rb +15 -0
- data/pundit-2.5.2/lib/generators/pundit/install/templates/application_policy.rb.tt +53 -0
- data/pundit-2.5.2/lib/generators/pundit/policy/USAGE +8 -0
- data/pundit-2.5.2/lib/generators/pundit/policy/policy_generator.rb +17 -0
- data/pundit-2.5.2/lib/generators/pundit/policy/templates/policy.rb.tt +16 -0
- data/pundit-2.5.2/lib/generators/rspec/policy_generator.rb +16 -0
- data/pundit-2.5.2/lib/generators/rspec/templates/policy_spec.rb.tt +27 -0
- data/pundit-2.5.2/lib/generators/test_unit/policy_generator.rb +16 -0
- data/pundit-2.5.2/lib/generators/test_unit/templates/policy_test.rb.tt +18 -0
- data/pundit-2.5.2/lib/pundit/authorization.rb +269 -0
- data/pundit-2.5.2/lib/pundit/cache_store/legacy_store.rb +27 -0
- data/pundit-2.5.2/lib/pundit/cache_store/null_store.rb +30 -0
- data/pundit-2.5.2/lib/pundit/cache_store.rb +24 -0
- data/pundit-2.5.2/lib/pundit/context.rb +190 -0
- data/pundit-2.5.2/lib/pundit/error.rb +71 -0
- data/pundit-2.5.2/lib/pundit/helper.rb +16 -0
- data/pundit-2.5.2/lib/pundit/policy_finder.rb +135 -0
- data/pundit-2.5.2/lib/pundit/railtie.rb +20 -0
- data/pundit-2.5.2/lib/pundit/rspec.rb +165 -0
- data/pundit-2.5.2/lib/pundit/version.rb +6 -0
- data/pundit-2.5.2/lib/pundit.rb +77 -0
- metadata +70 -0
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
# Security Policy
|
|
2
|
+
|
|
3
|
+
Please do not file an issue on GitHub, or send a PR addressing the issue.
|
|
4
|
+
|
|
5
|
+
## Supported versions
|
|
6
|
+
|
|
7
|
+
Most recent major version only.
|
|
8
|
+
|
|
9
|
+
## Reporting a vulnerability
|
|
10
|
+
|
|
11
|
+
Contact one of the maintainers directly:
|
|
12
|
+
|
|
13
|
+
* [@Burgestrand](https://github.com/Burgestrand)
|
|
14
|
+
* [@dgmstuart](https://github.com/dgmstuart)
|
|
15
|
+
* [@varvet](https://github.com/varvet)
|
|
16
|
+
|
|
17
|
+
You can report vulnerabilities on GitHub too: https://github.com/varvet/pundit/security
|
|
18
|
+
|
|
19
|
+
Thank you!
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Pundit
|
|
4
|
+
# @private
|
|
5
|
+
module Generators
|
|
6
|
+
# @private
|
|
7
|
+
class InstallGenerator < ::Rails::Generators::Base
|
|
8
|
+
source_root File.expand_path("templates", __dir__)
|
|
9
|
+
|
|
10
|
+
def copy_application_policy
|
|
11
|
+
template "application_policy.rb.tt", "app/policies/application_policy.rb"
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
class ApplicationPolicy
|
|
4
|
+
attr_reader :user, :record
|
|
5
|
+
|
|
6
|
+
def initialize(user, record)
|
|
7
|
+
@user = user
|
|
8
|
+
@record = record
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def index?
|
|
12
|
+
false
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def show?
|
|
16
|
+
false
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def create?
|
|
20
|
+
false
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def new?
|
|
24
|
+
create?
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def update?
|
|
28
|
+
false
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def edit?
|
|
32
|
+
update?
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def destroy?
|
|
36
|
+
false
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
class Scope
|
|
40
|
+
def initialize(user, scope)
|
|
41
|
+
@user = user
|
|
42
|
+
@scope = scope
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
def resolve
|
|
46
|
+
raise NoMethodError, "You must define #resolve in #{self.class}"
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
private
|
|
50
|
+
|
|
51
|
+
attr_reader :user, :scope
|
|
52
|
+
end
|
|
53
|
+
end
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Pundit
|
|
4
|
+
# @private
|
|
5
|
+
module Generators
|
|
6
|
+
# @private
|
|
7
|
+
class PolicyGenerator < ::Rails::Generators::NamedBase
|
|
8
|
+
source_root File.expand_path("templates", __dir__)
|
|
9
|
+
|
|
10
|
+
def create_policy
|
|
11
|
+
template "policy.rb.tt", File.join("app/policies", class_path, "#{file_name}_policy.rb")
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
hook_for :test_framework
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
<% module_namespacing do -%>
|
|
2
|
+
class <%= class_name %>Policy < ApplicationPolicy
|
|
3
|
+
# NOTE: Up to Pundit v2.3.1, the inheritance was declared as
|
|
4
|
+
# `Scope < Scope` rather than `Scope < ApplicationPolicy::Scope`.
|
|
5
|
+
# In most cases the behavior will be identical, but if updating existing
|
|
6
|
+
# code, beware of possible changes to the ancestors:
|
|
7
|
+
# https://gist.github.com/Burgestrand/4b4bc22f31c8a95c425fc0e30d7ef1f5
|
|
8
|
+
|
|
9
|
+
class Scope < ApplicationPolicy::Scope
|
|
10
|
+
# NOTE: Be explicit about which records you allow access to!
|
|
11
|
+
# def resolve
|
|
12
|
+
# scope.all
|
|
13
|
+
# end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
<% end -%>
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
# @private
|
|
4
|
+
module Rspec
|
|
5
|
+
# @private
|
|
6
|
+
module Generators
|
|
7
|
+
# @private
|
|
8
|
+
class PolicyGenerator < ::Rails::Generators::NamedBase
|
|
9
|
+
source_root File.expand_path("templates", __dir__)
|
|
10
|
+
|
|
11
|
+
def create_policy_spec
|
|
12
|
+
template "policy_spec.rb.tt", File.join("spec/policies", class_path, "#{file_name}_policy_spec.rb")
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
require '<%= File.exist?('spec/rails_helper.rb') ? 'rails_helper' : 'spec_helper' %>'
|
|
2
|
+
|
|
3
|
+
RSpec.describe <%= class_name %>Policy, type: :policy do
|
|
4
|
+
let(:user) { User.new }
|
|
5
|
+
|
|
6
|
+
subject { described_class }
|
|
7
|
+
|
|
8
|
+
permissions ".scope" do
|
|
9
|
+
pending "add some examples to (or delete) #{__FILE__}"
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
permissions :show? do
|
|
13
|
+
pending "add some examples to (or delete) #{__FILE__}"
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
permissions :create? do
|
|
17
|
+
pending "add some examples to (or delete) #{__FILE__}"
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
permissions :update? do
|
|
21
|
+
pending "add some examples to (or delete) #{__FILE__}"
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
permissions :destroy? do
|
|
25
|
+
pending "add some examples to (or delete) #{__FILE__}"
|
|
26
|
+
end
|
|
27
|
+
end
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
# @private
|
|
4
|
+
module TestUnit
|
|
5
|
+
# @private
|
|
6
|
+
module Generators
|
|
7
|
+
# @private
|
|
8
|
+
class PolicyGenerator < ::Rails::Generators::NamedBase
|
|
9
|
+
source_root File.expand_path("templates", __dir__)
|
|
10
|
+
|
|
11
|
+
def create_policy_test
|
|
12
|
+
template "policy_test.rb.tt", File.join("test/policies", class_path, "#{file_name}_policy_test.rb")
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
@@ -0,0 +1,269 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Pundit
|
|
4
|
+
# Pundit DSL to include in your controllers to provide authorization helpers.
|
|
5
|
+
#
|
|
6
|
+
# @example
|
|
7
|
+
# class ApplicationController < ActionController::Base
|
|
8
|
+
# include Pundit::Authorization
|
|
9
|
+
# end
|
|
10
|
+
# @see #pundit
|
|
11
|
+
# @api public
|
|
12
|
+
# @since v2.2.0
|
|
13
|
+
module Authorization
|
|
14
|
+
extend ActiveSupport::Concern
|
|
15
|
+
|
|
16
|
+
included do
|
|
17
|
+
helper Helper if respond_to?(:helper)
|
|
18
|
+
if respond_to?(:helper_method)
|
|
19
|
+
helper_method :policy
|
|
20
|
+
helper_method :pundit_policy_scope
|
|
21
|
+
helper_method :pundit_user
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
protected
|
|
26
|
+
|
|
27
|
+
# An instance of {Pundit::Context} initialized with the current user.
|
|
28
|
+
#
|
|
29
|
+
# @note this method is memoized and will return the same instance during the request.
|
|
30
|
+
# @api public
|
|
31
|
+
# @return [Pundit::Context]
|
|
32
|
+
# @see #pundit_user
|
|
33
|
+
# @see #policies
|
|
34
|
+
# @since v2.3.2
|
|
35
|
+
def pundit
|
|
36
|
+
@pundit ||= Pundit::Context.new(
|
|
37
|
+
user: pundit_user,
|
|
38
|
+
policy_cache: Pundit::CacheStore::LegacyStore.new(policies)
|
|
39
|
+
)
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
# Hook method which allows customizing which user is passed to policies and
|
|
43
|
+
# scopes initialized by {#authorize}, {#policy} and {#policy_scope}.
|
|
44
|
+
#
|
|
45
|
+
# @note Make sure to call `pundit_reset!` if this changes during a request.
|
|
46
|
+
# @see https://github.com/varvet/pundit#customize-pundit-user
|
|
47
|
+
# @see #pundit
|
|
48
|
+
# @see #pundit_reset!
|
|
49
|
+
# @return [Object] the user object to be used with pundit
|
|
50
|
+
# @since v0.2.2
|
|
51
|
+
def pundit_user
|
|
52
|
+
current_user
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
# Clears the cached Pundit authorization data.
|
|
56
|
+
#
|
|
57
|
+
# This method should be called when the pundit_user is changed,
|
|
58
|
+
# such as during user switching, to ensure that stale authorization
|
|
59
|
+
# data is not used. Pundit caches authorization policies and scopes
|
|
60
|
+
# for the pundit_user, so calling this method will reset those
|
|
61
|
+
# caches and ensure that the next authorization checks are performed
|
|
62
|
+
# with the correct context for the new pundit_user.
|
|
63
|
+
#
|
|
64
|
+
# @return [void]
|
|
65
|
+
# @since v2.5.0
|
|
66
|
+
def pundit_reset!
|
|
67
|
+
@pundit = nil
|
|
68
|
+
@_pundit_policies = nil
|
|
69
|
+
@_pundit_policy_scopes = nil
|
|
70
|
+
@_pundit_policy_authorized = nil
|
|
71
|
+
@_pundit_policy_scoped = nil
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
# @!group Policies
|
|
75
|
+
|
|
76
|
+
# Retrieves the policy for the given record, initializing it with the record
|
|
77
|
+
# and current user and finally throwing an error if the user is not
|
|
78
|
+
# authorized to perform the given action.
|
|
79
|
+
#
|
|
80
|
+
# @param record [Object, Array] the object we're checking permissions of
|
|
81
|
+
# @param query [Symbol, String] the predicate method to check on the policy (e.g. `:show?`).
|
|
82
|
+
# If omitted then this defaults to the Rails controller action name.
|
|
83
|
+
# @param policy_class [Class] the policy class we want to force use of
|
|
84
|
+
# @raise [NotAuthorizedError] if the given query method returned false
|
|
85
|
+
# @return [record] Always returns the passed object record
|
|
86
|
+
# @see Pundit::Context#authorize
|
|
87
|
+
# @see #verify_authorized
|
|
88
|
+
# @since v0.1.0
|
|
89
|
+
def authorize(record, query = nil, policy_class: nil)
|
|
90
|
+
query ||= "#{action_name}?"
|
|
91
|
+
|
|
92
|
+
@_pundit_policy_authorized = true
|
|
93
|
+
|
|
94
|
+
pundit.authorize(record, query: query, policy_class: policy_class)
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
# Allow this action not to perform authorization.
|
|
98
|
+
#
|
|
99
|
+
# @see https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used
|
|
100
|
+
# @return [void]
|
|
101
|
+
# @see #verify_authorized
|
|
102
|
+
# @since v1.0.0
|
|
103
|
+
def skip_authorization
|
|
104
|
+
@_pundit_policy_authorized = :skipped
|
|
105
|
+
end
|
|
106
|
+
|
|
107
|
+
# @return [Boolean] wether or not authorization has been performed
|
|
108
|
+
# @see #authorize
|
|
109
|
+
# @see #skip_authorization
|
|
110
|
+
# @since v1.0.0
|
|
111
|
+
def pundit_policy_authorized?
|
|
112
|
+
!!@_pundit_policy_authorized
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
# Raises an error if authorization has not been performed.
|
|
116
|
+
#
|
|
117
|
+
# Usually used as an `after_action` filter to prevent programmer error in
|
|
118
|
+
# forgetting to call {#authorize} or {#skip_authorization}.
|
|
119
|
+
#
|
|
120
|
+
# @see https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used
|
|
121
|
+
# @raise [AuthorizationNotPerformedError] if authorization has not been performed
|
|
122
|
+
# @return [void]
|
|
123
|
+
# @see #authorize
|
|
124
|
+
# @see #skip_authorization
|
|
125
|
+
# @since v0.1.0
|
|
126
|
+
def verify_authorized
|
|
127
|
+
raise AuthorizationNotPerformedError, self.class unless pundit_policy_authorized?
|
|
128
|
+
end
|
|
129
|
+
|
|
130
|
+
# rubocop:disable Naming/MemoizedInstanceVariableName
|
|
131
|
+
|
|
132
|
+
# Cache of policies. You should not rely on this method.
|
|
133
|
+
#
|
|
134
|
+
# @api private
|
|
135
|
+
# @since v1.0.0
|
|
136
|
+
def policies
|
|
137
|
+
@_pundit_policies ||= {}
|
|
138
|
+
end
|
|
139
|
+
|
|
140
|
+
# rubocop:enable Naming/MemoizedInstanceVariableName
|
|
141
|
+
|
|
142
|
+
# @!endgroup
|
|
143
|
+
|
|
144
|
+
# Retrieves the policy for the given record.
|
|
145
|
+
#
|
|
146
|
+
# @see https://github.com/varvet/pundit#policies
|
|
147
|
+
# @param record [Object] the object we're retrieving the policy for
|
|
148
|
+
# @return [Object] instance of policy class with query methods
|
|
149
|
+
# @since v0.1.0
|
|
150
|
+
def policy(record)
|
|
151
|
+
pundit.policy!(record)
|
|
152
|
+
end
|
|
153
|
+
|
|
154
|
+
# @!group Policy Scopes
|
|
155
|
+
|
|
156
|
+
# Retrieves the policy scope for the given record.
|
|
157
|
+
#
|
|
158
|
+
# @see https://github.com/varvet/pundit#scopes
|
|
159
|
+
# @param scope [Object] the object we're retrieving the policy scope for
|
|
160
|
+
# @param policy_scope_class [#resolve] the policy scope class we want to force use of
|
|
161
|
+
# @return [#resolve, nil] instance of scope class which can resolve to a scope
|
|
162
|
+
# @since v0.1.0
|
|
163
|
+
def policy_scope(scope, policy_scope_class: nil)
|
|
164
|
+
@_pundit_policy_scoped = true
|
|
165
|
+
policy_scope_class ? policy_scope_class.new(pundit_user, scope).resolve : pundit_policy_scope(scope)
|
|
166
|
+
end
|
|
167
|
+
|
|
168
|
+
# Allow this action not to perform policy scoping.
|
|
169
|
+
#
|
|
170
|
+
# @see https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used
|
|
171
|
+
# @return [void]
|
|
172
|
+
# @see #verify_policy_scoped
|
|
173
|
+
# @since v1.0.0
|
|
174
|
+
def skip_policy_scope
|
|
175
|
+
@_pundit_policy_scoped = :skipped
|
|
176
|
+
end
|
|
177
|
+
|
|
178
|
+
# @return [Boolean] wether or not policy scoping has been performed
|
|
179
|
+
# @see #policy_scope
|
|
180
|
+
# @see #skip_policy_scope
|
|
181
|
+
# @since v1.0.0
|
|
182
|
+
def pundit_policy_scoped?
|
|
183
|
+
!!@_pundit_policy_scoped
|
|
184
|
+
end
|
|
185
|
+
|
|
186
|
+
# Raises an error if policy scoping has not been performed.
|
|
187
|
+
#
|
|
188
|
+
# Usually used as an `after_action` filter to prevent programmer error in
|
|
189
|
+
# forgetting to call {#policy_scope} or {#skip_policy_scope} in index
|
|
190
|
+
# actions.
|
|
191
|
+
#
|
|
192
|
+
# @see https://github.com/varvet/pundit#ensuring-policies-and-scopes-are-used
|
|
193
|
+
# @raise [AuthorizationNotPerformedError] if policy scoping has not been performed
|
|
194
|
+
# @return [void]
|
|
195
|
+
# @see #policy_scope
|
|
196
|
+
# @see #skip_policy_scope
|
|
197
|
+
# @since v0.2.1
|
|
198
|
+
def verify_policy_scoped
|
|
199
|
+
raise PolicyScopingNotPerformedError, self.class unless pundit_policy_scoped?
|
|
200
|
+
end
|
|
201
|
+
|
|
202
|
+
# rubocop:disable Naming/MemoizedInstanceVariableName
|
|
203
|
+
|
|
204
|
+
# Cache of policy scope. You should not rely on this method.
|
|
205
|
+
#
|
|
206
|
+
# @api private
|
|
207
|
+
# @since v1.0.0
|
|
208
|
+
def policy_scopes
|
|
209
|
+
@_pundit_policy_scopes ||= {}
|
|
210
|
+
end
|
|
211
|
+
|
|
212
|
+
# rubocop:enable Naming/MemoizedInstanceVariableName
|
|
213
|
+
|
|
214
|
+
# This was added to allow calling `policy_scope!` without flipping the
|
|
215
|
+
# `pundit_policy_scoped?` flag.
|
|
216
|
+
#
|
|
217
|
+
# It's used internally by `policy_scope`, as well as from the views
|
|
218
|
+
# when they call `policy_scope`. It works because views get their helper
|
|
219
|
+
# from {Pundit::Helper}.
|
|
220
|
+
#
|
|
221
|
+
# @note This also memoizes the instance with `scope` as the key.
|
|
222
|
+
# @see Pundit::Helper#policy_scope
|
|
223
|
+
# @api private
|
|
224
|
+
# @since v1.0.0
|
|
225
|
+
def pundit_policy_scope(scope)
|
|
226
|
+
policy_scopes[scope] ||= pundit.policy_scope!(scope)
|
|
227
|
+
end
|
|
228
|
+
private :pundit_policy_scope
|
|
229
|
+
|
|
230
|
+
# @!endgroup
|
|
231
|
+
|
|
232
|
+
# @!group Strong Parameters
|
|
233
|
+
|
|
234
|
+
# Retrieves a set of permitted attributes from the policy.
|
|
235
|
+
#
|
|
236
|
+
# Done by instantiating the policy class for the given record and calling
|
|
237
|
+
# `permitted_attributes` on it, or `permitted_attributes_for_{action}` if
|
|
238
|
+
# `action` is defined. It then infers what key the record should have in the
|
|
239
|
+
# params hash and retrieves the permitted attributes from the params hash
|
|
240
|
+
# under that key.
|
|
241
|
+
#
|
|
242
|
+
# @see https://github.com/varvet/pundit#strong-parameters
|
|
243
|
+
# @param record [Object] the object we're retrieving permitted attributes for
|
|
244
|
+
# @param action [Symbol, String] the name of the action being performed on the record (e.g. `:update`).
|
|
245
|
+
# If omitted then this defaults to the Rails controller action name.
|
|
246
|
+
# @return [Hash{String => Object}] the permitted attributes
|
|
247
|
+
# @since v1.0.0
|
|
248
|
+
def permitted_attributes(record, action = action_name)
|
|
249
|
+
policy = policy(record)
|
|
250
|
+
method_name = if policy.respond_to?("permitted_attributes_for_#{action}")
|
|
251
|
+
"permitted_attributes_for_#{action}"
|
|
252
|
+
else
|
|
253
|
+
"permitted_attributes"
|
|
254
|
+
end
|
|
255
|
+
pundit_params_for(record).permit(*policy.public_send(method_name))
|
|
256
|
+
end
|
|
257
|
+
|
|
258
|
+
# Retrieves the params for the given record.
|
|
259
|
+
#
|
|
260
|
+
# @param record [Object] the object we're retrieving params for
|
|
261
|
+
# @return [ActionController::Parameters] the params
|
|
262
|
+
# @since v2.0.0
|
|
263
|
+
def pundit_params_for(record)
|
|
264
|
+
params.require(PolicyFinder.new(record).param_key)
|
|
265
|
+
end
|
|
266
|
+
|
|
267
|
+
# @!endgroup
|
|
268
|
+
end
|
|
269
|
+
end
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Pundit
|
|
4
|
+
module CacheStore
|
|
5
|
+
# A cache store that uses only the record as a cache key, and ignores the user.
|
|
6
|
+
#
|
|
7
|
+
# The original cache mechanism used by Pundit.
|
|
8
|
+
#
|
|
9
|
+
# @api private
|
|
10
|
+
# @since v2.3.2
|
|
11
|
+
class LegacyStore
|
|
12
|
+
# @since v2.3.2
|
|
13
|
+
def initialize(hash = {})
|
|
14
|
+
@store = hash
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
# A cache store that uses only the record as a cache key, and ignores the user.
|
|
18
|
+
#
|
|
19
|
+
# @note `nil` results are not cached.
|
|
20
|
+
# @since v2.3.2
|
|
21
|
+
def fetch(user:, record:)
|
|
22
|
+
_ = user
|
|
23
|
+
@store[record] ||= yield
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Pundit
|
|
4
|
+
module CacheStore
|
|
5
|
+
# A cache store that does not cache anything.
|
|
6
|
+
#
|
|
7
|
+
# Use `NullStore.instance` to get the singleton instance, it is thread-safe.
|
|
8
|
+
#
|
|
9
|
+
# @see Pundit::Context#initialize
|
|
10
|
+
# @api private
|
|
11
|
+
# @since v2.3.2
|
|
12
|
+
class NullStore
|
|
13
|
+
@instance = new
|
|
14
|
+
|
|
15
|
+
class << self
|
|
16
|
+
# @since v2.3.2
|
|
17
|
+
# @return [NullStore] the singleton instance
|
|
18
|
+
attr_reader :instance
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
# Always yields, does not cache anything.
|
|
22
|
+
# @yield
|
|
23
|
+
# @return [any] whatever the block returns.
|
|
24
|
+
# @since v2.3.2
|
|
25
|
+
def fetch(*, **)
|
|
26
|
+
yield
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
end
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Pundit
|
|
4
|
+
# Namespace for cache store implementations.
|
|
5
|
+
#
|
|
6
|
+
# Cache stores are used to cache policy lookups, so you get the same policy
|
|
7
|
+
# instance for the same record.
|
|
8
|
+
# @since v2.3.2
|
|
9
|
+
module CacheStore
|
|
10
|
+
# @!group Cache Store Interface
|
|
11
|
+
|
|
12
|
+
# @!method fetch(user:, record:, &block)
|
|
13
|
+
# Looks up a stored policy or generate a new one.
|
|
14
|
+
#
|
|
15
|
+
# @since v2.3.2
|
|
16
|
+
# @note This is a method template, but the method does not exist in this module.
|
|
17
|
+
# @param user [Object] the user that initiated the action
|
|
18
|
+
# @param record [Object] the object being accessed
|
|
19
|
+
# @param block [Proc] the block to execute if missing
|
|
20
|
+
# @return [Object] the policy
|
|
21
|
+
|
|
22
|
+
# @!endgroup
|
|
23
|
+
end
|
|
24
|
+
end
|