Pundit
Gem
2. Run `bundle install` (after adding `gem 'pundit'` to your Gemfile).
3. Include Pundit in your application controller:
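class ApplicationController < ActionController::Base
  # Brings Pundit's `authorize` / `policy` / `policy_scope` helpers into every
  # controller. (Pundit 2.2+ also offers `include Pundit::Authorization`, which
  # adds only those helpers; switch to it once the app is on that version.)
  include Pundit
  protect_from_forgery

  # Error message handling: a failed policy check becomes a flash + redirect
  # instead of an unhandled exception (HTTP 500).
  rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized

  # NOTE(review): Pundit only enforces authorization in actions that actually
  # call `authorize`. `after_action :verify_authorized` makes a forgotten call
  # fail loudly; enable it once every action has been reviewed.

  private

  # Handler for Pundit::NotAuthorizedError: sets a warning flash and sends the
  # visitor back to the page they came from, or to the root path when the
  # request carries no Referer. Private so it can never be routed as an action.
  def user_not_authorized
    flash[:warning] = "You are not authorized to perform this action."
    # The Referer header is client-controlled, so this is an open redirect
    # unless the app rejects cross-host targets (Rails 7+:
    # `config.action_controller.raise_on_open_redirects`, or
    # `redirect_back(fallback_location: root_path, allow_other_host: false)`).
    redirect_to(request.referrer || root_path)
  end
end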
4. Optionally, you can run the generator, which will set up
an application policy with some useful defaults for you:
rails g pundit:install
After generating your application policy, restart the Rails
server so that Rails can pick up any classes in the new
app/policies/ directory.
5. Put your policy classes in app/policies; Pundit finds them by naming convention (a User record is authorized by UserPolicy).
File name: app/policies/user_policy.rb
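class UserPolicy < ApplicationPolicy
  attr_reader :current_user

  # @param current_user [User, nil] the signed-in user; nil when signed out
  # @param user [User] the user record being acted on
  def initialize(current_user, user)
    @current_user = current_user
    @user = user
  end

  # Administrators may list users; anyone else only when the record is
  # themselves. A signed-out visitor (nil current_user) is denied instead of
  # raising NoMethodError.
  def index?
    return false unless @current_user

    @current_user.has_role?(:administrator) || @current_user == @user
  end

  def show?
    false
  end

  def create?
    false
  end

  def new?
    create?
  end

  # A user may change their own record; an administrator may change any
  # non-administrator. Administrators are shielded from each other, but an
  # administrator can still edit (and, via destroy?, delete) themselves.
  def update?
    return false unless @current_user

    own_record? || admin_over_non_admin?
  end

  # edit? and destroy? share update?'s rule (they were three identical copies).
  def edit?
    update?
  end

  def destroy?
    update?
  end

  private

  # Compares by id, as the original did. Both ids nil (unsaved records) would
  # compare equal — callers are expected to pass persisted users.
  def own_record?
    @current_user.id == @user.id
  end

  def admin_over_non_admin?
    @current_user.has_role?(:administrator) && !@user.has_role?(:administrator)
  end
end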
6. The authorize method infers that a User record is governed by UserPolicy, instantiates that class with the current user and the given record, calls the predicate named after the action (update? for update, and so on) and raises Pundit::NotAuthorizedError when it returns false. Call authorize before any state-changing work in the action — otherwise the record is already modified or destroyed by the time the check runs.
File Name:- (controllers/users_controller.rb)
# Lists users. @user is expected to be loaded by a before_action that is not
# shown here; the policy (UserPolicy#index?) decides whether the caller may see it.
def index
  authorize(@user)
end
# Renders the edit form for @user (loaded by a before_action not shown here)
# after UserPolicy#edit? has allowed it.
def edit
  authorize(@user)
end
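# Updates @user with the permitted params.
#
# The authorization check must run BEFORE the mutation: in the original it was
# placed after `@user.update` and after `redirect_to`, so an unauthorized user
# had already changed the record, and the late raise then triggered a second
# redirect from the rescue handler (DoubleRenderError).
def update
  authorize @user

  if @user.update(user_params)
    redirect_to user_path(@user), notice: 'User was successfully updated.'
  else
    # `alert:` is a redirect_to option, not a render option, so the original
    # message was never displayed. flash.now scopes it to this render only.
    flash.now[:alert] = "Sorry. Something isn't right."
    render :edit
  end
end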
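# Destroys @user.
#
# As with update, `authorize` has to come first: the original destroyed the
# record and redirected before checking the policy, so the check could only
# ever fail after the damage was done.
def destroy
  authorize @user

  if @user.destroy
    redirect_to users_path, notice: 'User was successfully destroyed.'
  else
    redirect_to user_path(@user), alert: "Sorry. Something isn't right."
  end
end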
7. Policy File Name:- (app/policies/event_policy.rb)
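class EventPolicy < ApplicationPolicy
  attr_reader :current_user

  # @param current_user [User, nil] the signed-in user; nil when signed out
  # @param event [Event] the event being acted on
  def initialize(current_user, event)
    @current_user = current_user
    @event = event
  end

  # Only administrators may change or remove events.
  def update?
    admin?
  end

  # edit? and destroy? follow update?'s rule (they were three identical copies).
  def edit?
    update?
  end

  def destroy?
    update?
  end

  private

  # A signed-out visitor (nil current_user) is simply not an administrator,
  # rather than a NoMethodError / HTTP 500.
  def admin?
    return false unless @current_user

    @current_user.has_role?(:administrator)
  end
end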
8. Controller File Name:- (events_controller.rb)
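class EventsController < ApplicationController
  # One lookup for the three actions instead of three copies (the original
  # also mixed `find params[:id]` and `find(params[:id])`). Event.find raises
  # ActiveRecord::RecordNotFound for an unknown id, as before.
  before_action :set_event, only: %i[edit update destroy]

  # Each action authorizes the loaded record before doing anything else;
  # any update/destroy work added later must stay below the `authorize` line.
  def edit
    authorize @event
  end

  def update
    authorize @event
  end

  def destroy
    authorize @event
  end

  private

  def set_event
    @event = Event.find(params[:id])
  end
end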
9. Policy File Name:- (app/policies/artist_policy.rb)
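class ArtistPolicy < ApplicationPolicy
  attr_reader :current_user

  # Pundit instantiates policies as `ArtistPolicy.new(current_user, record)`,
  # i.e. with exactly two arguments. The original three-argument signature
  # raised ArgumentError on every `authorize @artist`. `user` is kept as an
  # optional third argument so any direct callers keep working.
  #
  # @param current_user [User, nil] the signed-in user; nil when signed out
  # @param artist [Artist] the artist being acted on
  # @param user [User, nil] unused by the checks below; retained for callers
  def initialize(current_user, artist, user = nil)
    @current_user = current_user
    @artist = artist
    @user = user
  end

  def update?
    owner_or_admin?
  end

  # edit? and destroy? follow update?'s rule (they were three identical copies).
  def edit?
    update?
  end

  def destroy?
    update?
  end

  private

  # Admins first so the slug lookup is skipped for them; a signed-out visitor
  # is denied instead of raising NoMethodError.
  def owner_or_admin?
    return false unless @current_user

    @current_user.has_role?(:administrator) || matches_artist_id?
  end

  # Same lookup as the original: re-finds the artist by slug and compares the
  # signed-in user's id with the *artist* id. NOTE(review): these are ids from
  # two different tables — unless an Artist row deliberately shares its id
  # with its owning User, a coincidental id match grants access. The check
  # most likely wants an owner foreign key on Artist; confirm against the
  # schema. The nil check keeps a missing slug from raising.
  def matches_artist_id?
    artist = Artist.where(slug: @artist.slug).first
    !artist.nil? && @current_user.id == artist.id
  end
end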