add pundir style authorization

2023-01-15 21:50:58 +02:00 · 2023-01-15 21:50:58 +02:00 · 485c0475b7
parent d815488b92
commit 485c0475b7
6 changed files with 74 additions and 4 deletions
--- a/2
+++ b/2
@ -20,7 +20,7 @@ gem 'kaminari'
 gem "ruby2js" , git: "https://github.com/ruby2js/ruby2js/" , branch: "haml_fix"
 gem 'thredded', '~> 1.0'
 gem "rest-client"
-
+gem "pundit"

 gem "simple_form" , "5.1.0"
 gem "simple_form_tailwind_css"
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -443,6 +443,7 @@ DEPENDENCIES
  mina
  passenger
  pg (~> 1.1)
+  pundit
  rails (~> 7.0)
  rest-client
  ruby2js!
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -1,9 +1,13 @@
 class ApplicationController < ActionController::Base
  before_action :configure_permitted_parameters, if: :devise_controller?

-   protected
+  include Pundit::Authorization

-   def configure_permitted_parameters
+  alias :current_user :current_member #for pundit
+
+  protected
+
+  def configure_permitted_parameters
     devise_parameter_sanitizer.permit(:sign_up, keys: [:name])
-   end
+  end
 end
--- a/app/controllers/teachers_controller.rb
+++ b/app/controllers/teachers_controller.rb
@ -17,6 +17,7 @@ class TeachersController < ApplicationController

  # GET /teachers/1/edit
  def edit
+    authorize @teacher
  end

  # POST /teachers
@ -33,6 +34,7 @@ class TeachersController < ApplicationController

  # PATCH/PUT /teachers/1
  def update
+    authorize @teacher
    if @teacher.update(teacher_params)
      redirect_to @teacher, notice: "Teacher Profile was updated."
    else
@ -42,6 +44,7 @@ class TeachersController < ApplicationController

  # DELETE /teachers/1
  def destroy
+    authorize @teacher
    @teacher.destroy
    redirect_to teachers_url, notice: "Teacher was successfully destroyed."
  end
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+class ApplicationPolicy
+  attr_reader :member, :record
+
+  def initialize(member, record)
+    @member = member
+    @record = record
+  end
+
+  def index?
+    false
+  end
+
+  def show?
+    false
+  end
+
+  def create?
+    false
+  end
+
+  def new?
+    create?
+  end
+
+  def update?
+    false
+  end
+
+  def edit?
+    update?
+  end
+
+  def destroy?
+    false
+  end
+
+  class Scope
+    def initialize(member, scope)
+      @member = member
+      @scope = scope
+    end
+
+    def resolve
+      raise NotImplementedError, "You must define #resolve in #{self.class}"
+    end
+
+    private
+
+    attr_reader :member, :scope
+  end
+end
--- a/app/policies/teacher_policy.rb
+++ b/app/policies/teacher_policy.rb
@ -0,0 +1,9 @@
+class TeacherPolicy < ApplicationPolicy
+
+  def edit?
+    (member == record.member) or member.admin?
+  end
+  alias :update? :edit?
+  alias :destroy? :edit?
+
+end