Ajout de Pundit
parent
80903e7693
commit
78926f6a4c
2
Gemfile
2
Gemfile
|
@ -53,6 +53,8 @@ gem "heroicon"
|
|||
# Use Active Storage variants [https://guides.rubyonrails.org/active_storage_overview.html#transforming-images]
|
||||
# gem "image_processing", "~> 1.2"
|
||||
|
||||
gem 'pundit', "~> 2.1.1"
|
||||
|
||||
group :development, :test do
|
||||
# See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
|
||||
gem "debug", platforms: %i[ mri mingw x64_mingw ]
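Review bot: The new entry `gem 'pundit', "~> 2.1.1"` mixes single and double quotes, while the other entries visible in this hunk use double quotes throughout. The `~> 2.1.1` constraint also holds the gem on the 2.1.x patch series, so a later 2.x minor release with fixes will not be picked up by `bundle update`. Unless the patch-level pin is deliberate, I would write `gem "pundit", "~> 2.1"`.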
|
||||
|
|
|
@ -142,6 +142,8 @@ GEM
|
|||
public_suffix (4.0.6)
|
||||
puma (5.5.2)
|
||||
nio4r (~> 2.0)
|
||||
pundit (2.1.1)
|
||||
activesupport (>= 3.0.0)
|
||||
racc (1.6.0)
|
||||
rack (2.2.3)
|
||||
rack-test (1.1.0)
|
||||
|
@ -251,6 +253,7 @@ DEPENDENCIES
|
|||
importmap-rails
|
||||
jbuilder
|
||||
puma (~> 5.0)
|
||||
pundit (~> 2.1.1)
|
||||
rails (~> 7.0.0)
|
||||
redis (~> 4.0)
|
||||
selenium-webdriver
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
class ApplicationController < ActionController::Base
|
||||
include Authentication
|
||||
include Pundit
|
||||
end
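Review bot: `include Pundit` enforces nothing by itself, and this class adds no `after_action :verify_authorized` or `verify_policy_scoped`, so any action that forgets to call `authorize` or `policy_scope` runs unchecked. I would add `after_action :verify_authorized, except: :index` and `after_action :verify_policy_scoped, only: :index` next to the include, so a missing check fails loudly in development and tests. There is also no `rescue_from Pundit::NotAuthorizedError` handler, so a denied request would surface as an unhandled exception rather than a 403 or a redirect. Pundit's helpers call `current_user`, which presumably comes from the `Authentication` concern; that concern is not visible in this commit.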
|
||||
|
|
|
@ -3,7 +3,8 @@ class UsersController < ApplicationController
|
|||
|
||||
# GET /users or /users.json
|
||||
def index
|
||||
@users = User.all
|
||||
@users = policy_scope(User)
|
||||
# @users = User.all
|
||||
end
|
||||
|
||||
# GET /users/1 or /users/1.json
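Review bot: Only `index` is moved behind the policy here; the other actions of UsersController lie outside this hunk, whose last visible line is the `# GET /users/1` comment. If they still load a record by id without `authorize @user`, a non-admin whose list is limited to their own row can still reach another user's record through the id in the URL. Each member action should call `authorize @user` after loading the record, with matching `show?`, `update?` and `destroy?` rules in UserPolicy. The commented-out `# @users = User.all` should be deleted rather than kept, since version control already preserves it.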
|
||||
|
|
|
@ -0,0 +1,53 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class ApplicationPolicy
|
||||
attr_reader :user, :record
|
||||
|
||||
def initialize(user, record)
|
||||
@user = user
|
||||
@record = record
|
||||
end
|
||||
|
||||
def index?
|
||||
false
|
||||
end
|
||||
|
||||
def show?
|
||||
false
|
||||
end
|
||||
|
||||
def create?
|
||||
false
|
||||
end
|
||||
|
||||
def new?
|
||||
create?
|
||||
end
|
||||
|
||||
def update?
|
||||
false
|
||||
end
|
||||
|
||||
def edit?
|
||||
update?
|
||||
end
|
||||
|
||||
def destroy?
|
||||
false
|
||||
end
|
||||
|
||||
class Scope
|
||||
def initialize(user, scope)
|
||||
@user = user
|
||||
@scope = scope
|
||||
end
|
||||
|
||||
def resolve
|
||||
scope.all
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
attr_reader :user, :scope
|
||||
end
|
||||
end
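Review bot: `Scope#resolve` returns `scope.all`, so the base scope fails open while every action predicate in the same class fails closed with `false`. Any later policy that inherits `Scope` and forgets to override `resolve` will hand every row to `policy_scope`. I would make the default `raise NotImplementedError, "You must define #resolve in #{self.class}"` (or `scope.none`) so that a missing override is noticed immediately. The class also lacks a comment stating its contract; a line above `index?` such as `# Deny by default; subclasses opt in per action.` would document it.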
|
|
@ -0,0 +1,11 @@
|
|||
class UserPolicy < ApplicationPolicy
|
||||
class Scope < Scope
|
||||
def resolve
|
||||
if user.admin?
|
||||
scope.all
|
||||
else
|
||||
scope.where(id: user.id)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
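Review bot: `resolve` calls `user.admin?` and `user.id` with no nil guard, so a request where `current_user` is nil raises NoMethodError instead of returning an empty result. Whether the `Authentication` concern always forces a login before `index` is not visible in this commit. A guard as the first line of `resolve`, `return scope.none unless user`, keeps the scope closed for anonymous callers. The policy defines only `Scope`, so `show?`, `update?` and `destroy?` inherit `false` from ApplicationPolicy and will deny even an admin or the account owner once the controller starts calling `authorize`.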
|
|
@ -76,7 +76,8 @@
|
|||
</div>
|
||||
|
||||
<div>
|
||||
<%= controller_name %>
|
||||
Controller: <%= controller_name %>
|
||||
User: <%= current_user.email %>
|
||||
</div>
|
||||
</div>
|
||||
</body>
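Review bot: `current_user.email` in the layout raises NoMethodError on any page rendered without a signed-in user, such as a login page that presumably uses this same layout. The line should be `User: <%= current_user&.email %>` or be wrapped in `<% if current_user %>`. The `Controller:` / `User:` pair reads like debugging output; if it is, it should be limited with `<% if Rails.env.development? %>` so it does not ship to production. The surrounding markup continues outside this hunk.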
|
||||
|
|