pundit: add initial application policy.

2020-03-15 13:48:34 -05:00
parent 15ba2f6cd7
commit 1d16034144
4 changed files with 83 additions and 1 deletions
--- a/1
+++ b/1
@@ -45,6 +45,7 @@ gem 'scenic'
 gem 'ipaddress'
 gem 'http'
 gem 'activerecord-hierarchical_query'
+gem 'pundit'

 # needed for looser jpeg header compat
 gem 'ruby-imagespec', :require => "image_spec", :git => "https://github.com/r888888888/ruby-imagespec.git", :branch => "exif-fixes"
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -269,6 +269,8 @@ GEM
    public_suffix (4.0.3)
    puma (4.3.3)
      nio4r (~> 2.0)
+    pundit (2.1.0)
+      activesupport (>= 3.0.0)
    rack (2.2.2)
    rack-contrib (2.1.0)
      rack (~> 2.0)
@@ -447,6 +449,7 @@ DEPENDENCIES
  pry-inline
  pry-rails
  puma
+  pundit
  rack-mini-profiler
  rails (~> 6.0)
  rake
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,4 +1,6 @@
 class ApplicationController < ActionController::Base
+  include Pundit
+
  class ApiLimitError < StandardError; end

  self.responder = ApplicationResponder
@@ -92,7 +94,7 @@ class ApplicationController < ActionController::Base
      render_error_page(401, exception, template: "sessions/new")
    when ActionController::InvalidAuthenticityToken, ActionController::UnpermittedParameters, ActionController::InvalidCrossOriginRequest
      render_error_page(403, exception)
-    when User::PrivilegeError
+    when User::PrivilegeError, Pundit::NotAuthorizedError
      render_error_page(403, exception, template: "static/access_denied", message: "Access denied")
    when ActiveRecord::RecordNotFound
      render_error_page(404, exception, message: "That record was not found.")
@@ -174,6 +176,14 @@ class ApplicationController < ActionController::Base
    end
  end

+  def pundit_user
+    [CurrentUser.user, request]
+  end
+
+  def pundit_params_for(record)
+    params.fetch(PolicyFinder.new(record).param_key, {})
+  end
+
  # Remove blank `search` params from the url.
  #
  # /tags?search[name]=touhou&search[category]=&search[order]=
--- a/app/policies/application_policy.rb
+++ b/app/policies/application_policy.rb
@@ -0,0 +1,68 @@
+class ApplicationPolicy
+  attr_reader :user, :request, :record
+
+  def initialize(context, record)
+    @user, @request = context
+    @record = record
+  end
+
+  def index?
+    true
+  end
+
+  def show?
+    index?
+  end
+
+  def search?
+    index?
+  end
+
+  def new?
+    create?
+  end
+
+  def create?
+    unbanned?
+  end
+
+  def edit?
+    update?
+  end
+
+  def update?
+    unbanned?
+  end
+
+  def destroy?
+    update?
+  end
+
+  def unbanned?
+    user.is_member? && !user.is_banned?
+  end
+
+  def policy(object)
+    Pundit.policy!([user, request], object)
+  end
+
+  def permitted_attributes
+    []
+  end
+
+  def permitted_attributes_for_create
+    permitted_attributes
+  end
+
+  def permitted_attributes_for_update
+    permitted_attributes
+  end
+
+  def permitted_attributes_for_new
+    permitted_attributes_for_create
+  end
+
+  def permitted_attributes_for_edit
+    permitted_attributes_for_update
+  end
+end