class Pundit::Context
{Pundit::Context} is intended to be created once per request and user, and it is then used to perform authorization checks throughout the request.
@example Using Sinatra
helpers do def current_user = ... def pundit @pundit ||= Pundit::Context.new(user: current_user) end end get "/posts/:id" do |id| pundit.authorize(Post.find(id), query: :show?) end
@example Using [Roda](roda.jeremyevans.net/index.html)
route do |r| context = Pundit::Context.new(user:) r.get "posts", Integer do |id| context.authorize(Post.find(id), query: :show?) end end
Attributes
@api private @see initialize
@api public @see initialize
Public Class Methods
Source
# File lib/pundit/context.rb, line 32 def initialize(user:, policy_cache: CacheStore::NullStore.instance) @user = user @policy_cache = policy_cache end
@see Pundit::Authorization#pundit
@param user later passed to policies and scopes @param policy_cache
[#fetch] cache store for policies (see e.g. {CacheStore::NullStore})
Public Instance Methods
Source
# File lib/pundit/context.rb, line 75 def policy(record) cached_find(record, &:policy) end
Retrieves the policy for the given record.
@see github.com/varvet/pundit#policies @param record [Object] the object we’re retrieving the policy for @raise [InvalidConstructorError] if the policy constructor called incorrectly @return [Object, nil] instance of policy class with query methods
Source
# File lib/pundit/context.rb, line 86 def policy!(record) cached_find(record, &:policy!) end
Retrieves the policy for the given record, or raises if not found.
@see github.com/varvet/pundit#policies @param record [Object] the object we’re retrieving the policy for @raise [NotDefinedError] if the policy cannot be found @raise [InvalidConstructorError] if the policy constructor called incorrectly @return [Object] instance of policy class with query methods
Source
# File lib/pundit/context.rb, line 100 def policy_scope(scope) policy_scope_class = policy_finder(scope).scope return unless policy_scope_class begin policy_scope = policy_scope_class.new(user, pundit_model(scope)) rescue ArgumentError raise InvalidConstructorError, "Invalid #<#{policy_scope_class}> constructor is called" end policy_scope.resolve end
Retrieves the policy scope for the given record.
@see github.com/varvet/pundit#scopes @param scope [Object] the object we’re retrieving the policy scope for @raise [InvalidConstructorError] if the policy constructor called incorrectly @return [Scope{#resolve}, nil] instance of scope class which can resolve to a scope
Source
# File lib/pundit/context.rb, line 120 def policy_scope!(scope) policy_scope_class = policy_finder(scope).scope! begin policy_scope = policy_scope_class.new(user, pundit_model(scope)) rescue ArgumentError raise InvalidConstructorError, "Invalid #<#{policy_scope_class}> constructor is called" end policy_scope.resolve end
Retrieves the policy scope for the given record. Raises if not found.
@see github.com/varvet/pundit#scopes @param scope [Object] the object we’re retrieving the policy scope for @raise [NotDefinedError] if the policy scope cannot be found @raise [InvalidConstructorError] if the policy constructor called incorrectly @return [Scope{#resolve}] instance of scope class which can resolve to a scope
Private Instance Methods
Source
# File lib/pundit/context.rb, line 147 def cached_find(record) policy_cache.fetch(user: user, record: record) do klass = yield policy_finder(record) next unless klass model = pundit_model(record) begin klass.new(user, model) rescue ArgumentError raise InvalidConstructorError, "Invalid #<#{klass}> constructor is called" end end end
Finds a cached policy for the given record, or yields to find one.
@api private @param record [Object] the object we’re retrieving the policy for @yield a policy finder if no policy was cached @yieldparam [PolicyFinder] policy_finder
@yieldreturn [#new(user, model)] @return [Policy, nil] an instantiated policy @raise [InvalidConstructorError] if policy can’t be instantated
Source
# File lib/pundit/context.rb, line 166 def policy_finder(record) PolicyFinder.new(record) end
Return a policy finder for the given record.
@api private @return [PolicyFinder]
Source
# File lib/pundit/context.rb, line 173 def pundit_model(record) record.is_a?(Array) ? record.last : record end
Given a possibly namespaced record, return the actual record.
@api private