pundit_can 0.1.2 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +11 -6
- data/lib/pundit_can/load_and_authorize.rb +20 -9
- data/lib/pundit_can/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 68cee5b5723a2c0b9640e59280996fc46df7d91b3def9b26a586e13350e94788
|
|
4
|
+
data.tar.gz: 543cb75c45f2ff523c80a1339a9e474a61b65610206fa68ff5c4da5a365d2268
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ac50a363d20811f5853520cebb4ab6e16cb1d0b59c91e8d81df311df97fafb36e72116c27343e723210f6024254c257ba6082744eeaa4df00f18ce893bd4a7fd
|
|
7
|
+
data.tar.gz: d6898b262559d7cd73215b8227de81e387d73257525bcde96611847c821223f54a173fcd0c016dfe4dedfdae8d503afc1b148b387c7dd13a5475e7db8244969f
|
data/README.md
CHANGED
|
@@ -19,25 +19,30 @@ This will load `@user` from `User` using the `UserPolicy` to authorize and scope
|
|
|
19
19
|
|
|
20
20
|
### Advanced usage
|
|
21
21
|
|
|
22
|
-
There is support for loading multiple models. However, there isn't a `:through` option, like cancan,
|
|
23
|
-
instead loading still goes through Pundit scopes.
|
|
24
|
-
|
|
25
22
|
There are options to customize the loaded instance_name, model, and policy classes.
|
|
26
23
|
|
|
27
24
|
#### Parent / nested
|
|
28
25
|
|
|
29
|
-
This is
|
|
26
|
+
This is an example of loading User and Posts, where posts are scoped through the user.
|
|
30
27
|
```ruby
|
|
31
28
|
class PostsController < ApplicationController
|
|
32
29
|
load_resource model_class: User, parent: true
|
|
33
|
-
load_resource
|
|
30
|
+
load_resource through: :user
|
|
34
31
|
|
|
35
32
|
...
|
|
36
33
|
end
|
|
37
34
|
```
|
|
38
35
|
|
|
36
|
+
The `:through` option tells `load_resource` to pass the parent's association as the scope
|
|
37
|
+
through the policy. For example, if `@user` was loaded by the first call, the second call
|
|
38
|
+
will pass `@user.posts` to `PostPolicy::Scope` instead of `Post.all`. This allows the
|
|
39
|
+
policy scope to work with the already-authorized parent.
|
|
40
|
+
|
|
39
41
|
That will load `@user` from the `UserPolicy` into a `User` class, using `:user_id` to find the user.
|
|
40
|
-
And it will
|
|
42
|
+
And it will load `@post` or `@posts` using the `PostPolicy` with the `:id` param.
|
|
43
|
+
|
|
44
|
+
If there is no parent instance variable set (e.g., a non-nested route), it will fall back
|
|
45
|
+
to the default behavior of scoping with the model class.
|
|
41
46
|
|
|
42
47
|
#### Customized loading
|
|
43
48
|
|
|
@@ -68,6 +68,10 @@ module PunditCan
|
|
|
68
68
|
#
|
|
69
69
|
# @param [Boolean] parent Optional. Changes the loading for parent classes. Default +false+
|
|
70
70
|
#
|
|
71
|
+
# @param [Symbol] through Optional. When the resource is loaded through a parent relationship,
|
|
72
|
+
# the scope passed to the policy will be the parent's association. For example,
|
|
73
|
+
# +through: :user+ will pass +@user.posts+ as the scope to the PostPolicy.
|
|
74
|
+
#
|
|
71
75
|
# @param [Constant] policy_class Optional. The policy class to use. Defaults from controller name.
|
|
72
76
|
#
|
|
73
77
|
# @param [Constant] policy_scope_class Optional. The policy scope class to use. Defaults from controller name.
|
|
@@ -90,12 +94,19 @@ module PunditCan
|
|
|
90
94
|
instance_name = (options[:instance_name] || model_instance_name(options) || resource_class_name.underscore).to_s
|
|
91
95
|
param_key = get_param_key(options, instance_name, model_class)
|
|
92
96
|
|
|
97
|
+
policy_kwopts = options.extract!(:policy_class)
|
|
98
|
+
policy_scope_kwopts = options.extract!(:policy_scope_class)
|
|
99
|
+
|
|
93
100
|
loaded = if options[:parent]
|
|
94
|
-
load_parent_instance_var(model_class, param_key,
|
|
95
|
-
options.extract!(:policy_scope_class))
|
|
101
|
+
load_parent_instance_var(model_class, param_key, policy_kwopts, policy_scope_kwopts)
|
|
96
102
|
else
|
|
97
|
-
|
|
98
|
-
|
|
103
|
+
# When :through is specified, pass the parent's association as the scope
|
|
104
|
+
scope_class = if options[:through] && (parent = instance_variable_get("@#{options[:through]}"))
|
|
105
|
+
parent.public_send(model_class.name.underscore.pluralize)
|
|
106
|
+
else
|
|
107
|
+
model_class
|
|
108
|
+
end
|
|
109
|
+
load_instance_var(model_class, param_key, policy_kwopts, policy_scope_kwopts, scope_class)
|
|
99
110
|
end
|
|
100
111
|
|
|
101
112
|
instance_name = instance_name.pluralize unless loaded.is_a?(model_class)
|
|
@@ -116,21 +127,21 @@ module PunditCan
|
|
|
116
127
|
options[:model_class].name.underscore if options[:model_class].present? && options[:parent]
|
|
117
128
|
end
|
|
118
129
|
|
|
119
|
-
def load_instance_var(model_class, param_key, policy_kwopts, policy_scope_kwopts)
|
|
130
|
+
def load_instance_var(model_class, param_key, policy_kwopts, policy_scope_kwopts, scope_class = model_class)
|
|
120
131
|
case params[:action]
|
|
121
132
|
when "index"
|
|
122
|
-
load_scope(
|
|
133
|
+
load_scope(scope_class, policy_kwopts, policy_scope_kwopts)
|
|
123
134
|
when "new"
|
|
124
135
|
authorize(model_class.new, **policy_kwopts)
|
|
125
136
|
when "create"
|
|
126
137
|
authorize(model_class.new(permitted_attributes(model_class)), **policy_kwopts)
|
|
127
138
|
when "edit", "update", "show", "destroy"
|
|
128
|
-
load_model(
|
|
139
|
+
load_model(scope_class, param_key, policy_kwopts, policy_scope_kwopts)
|
|
129
140
|
else
|
|
130
141
|
if params[param_key]
|
|
131
|
-
load_model(
|
|
142
|
+
load_model(scope_class, param_key, policy_kwopts, policy_scope_kwopts)
|
|
132
143
|
else
|
|
133
|
-
load_scope(
|
|
144
|
+
load_scope(scope_class, policy_kwopts, policy_scope_kwopts)
|
|
134
145
|
end
|
|
135
146
|
end
|
|
136
147
|
end
|
data/lib/pundit_can/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pundit_can
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- candland
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2026-03-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: pundit
|
|
@@ -89,7 +89,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
89
89
|
- !ruby/object:Gem::Version
|
|
90
90
|
version: '0'
|
|
91
91
|
requirements: []
|
|
92
|
-
rubygems_version: 3.
|
|
92
|
+
rubygems_version: 3.5.22
|
|
93
93
|
signing_key:
|
|
94
94
|
specification_version: 4
|
|
95
95
|
summary: Add cancan like load and authorize to controllers.
|