
Is it possible to use single method to authorise multiple controller action in Rails Pundit?

I have created a new Rails application and I want to restrict user actions based on only one condition: a record can be edited by its owner (created_by) and sub-owners (added by the owner). I have models like App and User and a controller like AppController. In AppController I have more than one action, like index, create, show, update, delete. I have one policy, AppPolicy. Here I need to create only one method to verify all actions, but by default each action requires its own method (action_name?) in the policy class.

Example

Existing code:

class AppPolicy < ApplicationPolicy
  class Scope < Scope
    def resolve
      scope
    end
  end

  def action1?
    record.users.include?(user)
  end

  def action2?
    record.users.include?(user)
  end

  def action3?
    record.users.include?(user)
  end
end

From the above code we can see that the same condition resides in all methods. I need to use only one method to verify action1, action2 and action3. I don't know whether this is possible in Pundit.

I know this is an old question but I just had the same problem.

I can think of 2 solutions:

solution 1

When you know all the actions that could be called.

You can use define_method, like this:

[:action1?, :action2?].each do |m|
  define_method(m) { record.users.include?(user) }
end

solution 2

When you don't know all the actions (this could be dangerous).

You can use a combination of method_missing and respond_to_missing?. The latter is needed since Pundit internally calls respond_to? before calling the corresponding method of the policy. Example:

def method_missing(m, *args, &block)
  record.users.include?(user)
end

def respond_to_missing?(method_name, include_private = false)
  true # Here it would be better to add some conditions
end
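Both solutions from the answer above, shown together in a stand-alone script. This is an added example, not code from the question or the answer: Pundit is not loaded, so a small `authorize` helper below imitates how Pundit resolves the `"#{action}?"` query on a policy (it checks `respond_to?` and then calls the method), and the `App` and `User` classes are constructed stand-ins for the asker's models. It also fills in the "some conditions" the answer recommends for `respond_to_missing?`: the dynamic policy only answers an allow-list of known query names and lets everything else fall through to `super`, so a typo in a controller's `authorize` call raises instead of silently granting access.

```ruby
# Added example. Stand-alone: Pundit itself is not required; `authorize` below mimics its
# policy lookup. `User` and `App` are constructed stand-ins for the models in the question.
User = Struct.new(:name)

class App
  # Owner plus the users the owner added (the "sub-owners" in the question).
  attr_reader :users

  def initialize(*users)
    @users = users
  end
end

class ApplicationPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end
end

# Solution 1: the set of actions is known, so define the shared check once per name.
class AppPolicy < ApplicationPolicy
  MEMBER_ACTIONS = %i[show? update? destroy?].freeze

  MEMBER_ACTIONS.each do |query|
    define_method(query) { record.users.include?(user) }
  end

  # Actions outside the shared rule still get their own explicit method.
  def index?
    true
  end
end

# Solution 2 with a guard: only allow-listed query names are routed to the shared check.
# Anything else goes to `super`, which raises NoMethodError, so an unknown action is
# denied loudly rather than answered with whatever method_missing returns.
class DynamicAppPolicy < ApplicationPolicy
  SHARED_QUERIES = %i[show? update? destroy?].freeze

  def method_missing(name, *args, &block)
    return record.users.include?(user) if SHARED_QUERIES.include?(name)

    super
  end

  def respond_to_missing?(name, include_private = false)
    SHARED_QUERIES.include?(name) || super
  end
end

# Imitates Pundit's lookup: the policy must respond to "<action>?" and return a truthy value.
def authorize(policy, action)
  query = :"#{action}?"
  raise NoMethodError, "#{policy.class} does not define #{query}" unless policy.respond_to?(query)

  policy.public_send(query)
end

# Constructed sample data: an owner, a sub-owner added by the owner, and an outsider.
OWNER    = User.new('owner')
HELPER   = User.new('sub-owner')
STRANGER = User.new('stranger')
APP      = App.new(OWNER, HELPER)

if __FILE__ == $PROGRAM_NAME
  puts authorize(AppPolicy.new(OWNER, APP), :update)           # true
  puts authorize(AppPolicy.new(STRANGER, APP), :show)          # false
  puts authorize(DynamicAppPolicy.new(HELPER, APP), :destroy)  # true
  begin
    authorize(DynamicAppPolicy.new(OWNER, APP), :shutdown)     # not allow-listed
  rescue NoMethodError => e
    puts "denied: #{e.message}"
  end
end
```

The allow-list is what makes solution 2 safe to deploy: with the unconditional `true` from the answer, every `authorize` call in the application, including one for an action nobody thought about, would be answered by the same membership check.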

You can use the cancan (or cancancan) gem (rubygems link).

You can create the ability configuration file with

rails g cancan:ability

The authorize! method in your controller will raise an exception if the user is not able to perform the given action, so call it in a before_action callback.

Documentation here
