Added Pundit.
parent
8af0a7739c
commit
610100d7cc
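--- a/Gemfile
+++ b/Gemfile
@@ -14,6 +14,7 @@ gem 'puma', '~> 3.11'
 gem 'devise', '~> 4.4'
 gem 'devise-i18n', '~> 1.6'
 gem 'simple_form', '~> 4.0'
+gem 'pundit', '~> 1.1'
 
 # Use SCSS for stylesheets
 gem 'sass-rails', '~> 5.0'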
@ -162,6 +162,8 @@ GEM
|
||||||
pry (>= 0.10.4)
|
pry (>= 0.10.4)
|
||||||
public_suffix (3.0.2)
|
public_suffix (3.0.2)
|
||||||
puma (3.11.4)
|
puma (3.11.4)
|
||||||
|
pundit (1.1.0)
|
||||||
|
activesupport (>= 3.0.0)
|
||||||
rack (2.0.5)
|
rack (2.0.5)
|
||||||
rack-proxy (0.6.4)
|
rack-proxy (0.6.4)
|
||||||
rack
|
rack
|
||||||
|
@ -296,6 +298,7 @@ DEPENDENCIES
|
||||||
pry-byebug
|
pry-byebug
|
||||||
pry-rails
|
pry-rails
|
||||||
puma (~> 3.11)
|
puma (~> 3.11)
|
||||||
|
pundit (~> 1.1)
|
||||||
rails (~> 5.2.0)
|
rails (~> 5.2.0)
|
||||||
rails-i18n (~> 5.1)
|
rails-i18n (~> 5.1)
|
||||||
rubocop (~> 0.56.0)
|
rubocop (~> 0.56.0)
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
class ApplicationController < ActionController::Base
|
class ApplicationController < ActionController::Base
|
||||||
|
include Pundit
|
||||||
|
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
|
||||||
|
|
||||||
before_action :configure_devise_parameters, if: :devise_controller?
|
before_action :configure_devise_parameters, if: :devise_controller?
|
||||||
|
|
||||||
protected
|
protected
|
||||||
|
@ -7,4 +10,9 @@ class ApplicationController < ActionController::Base
|
||||||
devise_parameter_sanitizer.permit(:sign_up, keys: [:tos_accepted])
|
devise_parameter_sanitizer.permit(:sign_up, keys: [:tos_accepted])
|
||||||
devise_parameter_sanitizer.permit(:account_update, keys: [:notifications_enabled])
|
devise_parameter_sanitizer.permit(:account_update, keys: [:notifications_enabled])
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def user_not_authorized
|
||||||
|
flash[:alert] = I18n.t("user_not_authorized", scope: :flashes)
|
||||||
|
redirect_to(request.referrer || root_path)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
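Review bot: `user_not_authorized` redirects to `request.referrer`, a header the client supplies, so the destination after a denied action is not limited to this application, and a referring page that itself raises `Pundit::NotAuthorizedError` can send the user round in a loop. With Rails 5.2 (per the `rails (~> 5.2.0)` line in the lockfile hunk) the same intent is written as `redirect_back(fallback_location: root_path, allow_other_host: false)`. Separately, the first hunk includes Pundit but adds no `after_action :verify_authorized`, so an action that never calls `authorize` would be served with no policy check; adding it with `unless: :devise_controller?` would catch that during development. The body of ApplicationController is only partly visible in these hunks.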
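--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@@ -0,0 +1,53 @@
+class ApplicationPolicy
+attr_reader :user, :record
+
+def initialize(user, record)
+@user = user
+@record = record
+end
+
+def index?
+false
+end
+
+def show?
+scope.where(id: record.id).exists?
+end
+
+def create?
+false
+end
+
+def new?
+create?
+end
+
+def update?
+false
+end
+
+def edit?
+update?
+end
+
+def destroy?
+false
+end
+
+def scope
+Pundit.policy_scope!(user, record.class)
+end
+
+class Scope
+attr_reader :user, :scope
+
+def initialize(user, scope)
+@user = user
+@scope = scope
+end
+
+def resolve
+scope
+end
+end
+end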
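Review bot: `show?` is the one default here that does not deny: it returns true whenever `scope.where(id: record.id).exists?`, and the base `Scope#resolve` returns the unrestricted `scope`, so a policy that inherits without overriding `Scope` permits `show` on every existing record while `index?`, `create?`, `update?` and `destroy?` stay false. Making the base fail closed keeps the defaults consistent, for example having `resolve` return `scope.none` (assuming the scope is an ActiveRecord relation, as the `where` call suggests) or raise `NotImplementedError` so each subclass must state its own scope. `initialize` also accepts a nil `user`; if every policy is meant to require a signed-in user, `raise Pundit::NotAuthorizedError, "must be logged in" unless user` there would route the case to the handler already registered in ApplicationController.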