From 1d16034144593223e5140a3f6d17f4c216ee7ac3 Mon Sep 17 00:00:00 2001
From: evazion
Date: Sun, 15 Mar 2020 13:48:34 -0500
Subject: [PATCH] pundit: add initial application policy.

---
 Gemfile | 1 +
 Gemfile.lock | 3 +
 app/controllers/application_controller.rb | 12 +++-
 app/policies/application_policy.rb | 68 +++++++++++++++++++++++
 4 files changed, 83 insertions(+), 1 deletion(-)
 create mode 100644 app/policies/application_policy.rb

diff --git a/Gemfile b/Gemfile
index bb53c1da3..3f9c05419 100644
--- a/Gemfile
+++ b/Gemfile
@@ -45,6 +45,7 @@ gem 'scenic'
 gem 'ipaddress'
 gem 'http'
 gem 'activerecord-hierarchical_query'
+gem 'pundit'
 # needed for looser jpeg header compat
 gem 'ruby-imagespec', :require => "image_spec", :git => "https://github.com/r888888888/ruby-imagespec.git", :branch => "exif-fixes"
diff --git a/Gemfile.lock b/Gemfile.lock
index 220ff4da4..dfe71e21d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -269,6 +269,8 @@ GEM
 public_suffix (4.0.3)
 puma (4.3.3)
 nio4r (~> 2.0)
+ pundit (2.1.0)
+ activesupport (>= 3.0.0)
 rack (2.2.2)
 rack-contrib (2.1.0)
 rack (~> 2.0)
@@ -447,6 +449,7 @@ DEPENDENCIES
 pry-inline
 pry-rails
 puma
+ pundit
 rack-mini-profiler
 rails (~> 6.0)
 rake
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 6c4a0673d..8d8157615 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,4 +1,6 @@
 class ApplicationController < ActionController::Base
+ include Pundit
+
 class ApiLimitError < StandardError; end
 self.responder = ApplicationResponder
@@ -92,7 +94,7 @@ class ApplicationController < ActionController::Base
 render_error_page(401, exception, template: "sessions/new")
 when ActionController::InvalidAuthenticityToken, ActionController::UnpermittedParameters, ActionController::InvalidCrossOriginRequest
 render_error_page(403, exception)
- when User::PrivilegeError
+ when User::PrivilegeError, Pundit::NotAuthorizedError
 render_error_page(403, exception, template: "static/access_denied", message: "Access denied")
 when ActiveRecord::RecordNotFound
 render_error_page(404, exception, message: "That record was not found.")
@@ -174,6 +176,14 @@ class ApplicationController < ActionController::Base
 end
 end
+ def pundit_user
+ [CurrentUser.user, request]
+ end
+
+ def pundit_params_for(record)
+ params.fetch(PolicyFinder.new(record).param_key, {})
+ end
+
 # Remove blank `search` params from the url.
 #
 # /tags?search[name]=touhou&search[category]=&search[order]=
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
new file mode 100644
index 000000000..a7d52ba37
--- /dev/null
+++ b/app/policies/application_policy.rb
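Review bot: `pundit_user` in the second hunk returns the pair `[CurrentUser.user, request]` rather than a user object, which changes the constructor contract of every policy Pundit builds through `authorize`, `policy` and `policy_scope`, and nothing says so; a comment above it should, e.g. `# Pundit hands this value to every policy's initialize as its first argument; ApplicationPolicy#initialize destructures it into user and request.` A policy that does not inherit from ApplicationPolicy, or a test that constructs one with a bare user, would get the array where it expects a user, so naming the contract here is the cheapest guard. Nothing in the diff adds `after_action :verify_authorized`, so an action that never calls `authorize` keeps whatever access control it had before instead of failing closed; worth considering once policies cover the controllers. The `case` inside the rescue handler in the first hunk and the class itself continue outside these hunks.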
@@ -0,0 +1,68 @@
+class ApplicationPolicy
+ attr_reader :user, :request, :record
+
+ def initialize(context, record)
+ @user, @request = context
+ @record = record
+ end
+
+ def index?
+ true
+ end
+
+ def show?
+ index?
+ end
+
+ def search?
+ index?
+ end
+
+ def new?
+ create?
+ end
+
+ def create?
+ unbanned?
+ end
+
+ def edit?
+ update?
+ end
+
+ def update?
+ unbanned?
+ end
+
+ def destroy?
+ update?
+ end
+
+ def unbanned?
+ user.is_member? && !user.is_banned?
+ end
+
+ def policy(object)
+ Pundit.policy!([user, request], object)
+ end
+
+ def permitted_attributes
+ []
+ end
+
+ def permitted_attributes_for_create
+ permitted_attributes
+ end
+
+ def permitted_attributes_for_update
+ permitted_attributes
+ end
+
+ def permitted_attributes_for_new
+ permitted_attributes_for_create
+ end
+
+ def permitted_attributes_for_edit
+ permitted_attributes_for_update
+ end
+end
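Review bot: `ApplicationPolicy#initialize(context, record)` expects a `[user, request]` pair and destructures it at `@user, @request = context`, but nothing documents that; a policy built the conventional Pundit way, `SomePolicy.new(user, record)`, does not fail but quietly ends up with `request` nil, because Ruby's multiple assignment pads a non-array right-hand side. A class-level comment should state the contract, e.g. `# context is the [user, request] pair produced by ApplicationController#pundit_user; obtain policies through Pundit (policy/authorize) or the #policy helper below rather than constructing them by hand.` The inherited defaults deserve a line each too, since subclasses take them on silently: `index?` (and with it `show?` and `search?`) returns `true` for everyone, and `destroy?` follows `update?`, so a subclass that only tightens `update?` also tightens deletion while one that tightens `destroy?` alone still leaves editing at `unbanned?`. `unbanned?` calls `user.is_member?` without a nil check, so it presumes `CurrentUser.user` is never nil — presumably an anonymous-user object stands in for logged-out requests; worth confirming at the call site.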