add pundir style authorization
This commit is contained in:
parent
d815488b92
commit
485c0475b7
2
Gemfile
2
Gemfile
@ -20,7 +20,7 @@ gem 'kaminari'
|
||||
gem "ruby2js" , git: "https://github.com/ruby2js/ruby2js/" , branch: "haml_fix"
|
||||
gem 'thredded', '~> 1.0'
|
||||
gem "rest-client"
|
||||
|
||||
gem "pundit"
|
||||
|
||||
gem "simple_form" , "5.1.0"
|
||||
gem "simple_form_tailwind_css"
|
||||
|
||||
@ -443,6 +443,7 @@ DEPENDENCIES
|
||||
mina
|
||||
passenger
|
||||
pg (~> 1.1)
|
||||
pundit
|
||||
rails (~> 7.0)
|
||||
rest-client
|
||||
ruby2js!
|
||||
|
||||
@ -1,9 +1,13 @@
|
||||
class ApplicationController < ActionController::Base
|
||||
before_action :configure_permitted_parameters, if: :devise_controller?
|
||||
|
||||
protected
|
||||
include Pundit::Authorization
|
||||
|
||||
def configure_permitted_parameters
|
||||
alias :current_user :current_member #for pundit
|
||||
|
||||
protected
|
||||
|
||||
def configure_permitted_parameters
|
||||
devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@ -17,6 +17,7 @@ class TeachersController < ApplicationController
|
||||
|
||||
# GET /teachers/1/edit
|
||||
def edit
|
||||
authorize @teacher
|
||||
end
|
||||
|
||||
# POST /teachers
|
||||
@ -33,6 +34,7 @@ class TeachersController < ApplicationController
|
||||
|
||||
# PATCH/PUT /teachers/1
|
||||
def update
|
||||
authorize @teacher
|
||||
if @teacher.update(teacher_params)
|
||||
redirect_to @teacher, notice: "Teacher Profile was updated."
|
||||
else
|
||||
@ -42,6 +44,7 @@ class TeachersController < ApplicationController
|
||||
|
||||
# DELETE /teachers/1
|
||||
def destroy
|
||||
authorize @teacher
|
||||
@teacher.destroy
|
||||
redirect_to teachers_url, notice: "Teacher was successfully destroyed."
|
||||
end
|
||||
|
||||
53
app/policies/application_policy.rb
Normal file
53
app/policies/application_policy.rb
Normal file
@ -0,0 +1,53 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
class ApplicationPolicy
|
||||
attr_reader :member, :record
|
||||
|
||||
def initialize(member, record)
|
||||
@member = member
|
||||
@record = record
|
||||
end
|
||||
|
||||
def index?
|
||||
false
|
||||
end
|
||||
|
||||
def show?
|
||||
false
|
||||
end
|
||||
|
||||
def create?
|
||||
false
|
||||
end
|
||||
|
||||
def new?
|
||||
create?
|
||||
end
|
||||
|
||||
def update?
|
||||
false
|
||||
end
|
||||
|
||||
def edit?
|
||||
update?
|
||||
end
|
||||
|
||||
def destroy?
|
||||
false
|
||||
end
|
||||
|
||||
class Scope
|
||||
def initialize(member, scope)
|
||||
@member = member
|
||||
@scope = scope
|
||||
end
|
||||
|
||||
def resolve
|
||||
raise NotImplementedError, "You must define #resolve in #{self.class}"
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
attr_reader :member, :scope
|
||||
end
|
||||
end
|
||||
9
app/policies/teacher_policy.rb
Normal file
9
app/policies/teacher_policy.rb
Normal file
@ -0,0 +1,9 @@
|
||||
class TeacherPolicy < ApplicationPolicy
|
||||
|
||||
def edit?
|
||||
(member == record.member) or member.admin?
|
||||
end
|
||||
alias :update? :edit?
|
||||
alias :destroy? :edit?
|
||||
|
||||
end
|
||||
Loading…
Reference in New Issue
Block a user