
Pundit Can

Dusty Candland | | opensource, ruby, rails

Pundit with cancan style load_and_authorize functionality.

class PostsController < ApplicationController
  include PunditCan::LoadAndAuthorize

  load_resource model_class: User, parent: true
  load_resource
end

More details in the readme: Pundit Can

PunditCan

Pundit with cancan style load_and_authorize functionality.

Usage

Include PunditCan::LoadAndAuthorize into ApplicationController or in each controller.

Call load_resource in the controller to load and authorize the resource.

class UsersController < ApplicationController
  load_resource
end

This will load @user from User using the UserPolicy to authorize and scope the loading.

Advanced usage

There is support for loading multiple models. However, unlike cancan, there isn't a :through option; loading still goes through Pundit scopes.

There are options to customize the loaded instance_name, model, and policy classes.

Parent / nested

This is an example of loading User and Posts.

class PostsController < ApplicationController
  load_resource model_class: User, parent: true
  load_resource

  ...
end

That will load @user from the UserPolicy into a User class, using :user_id to find the user. It will also load @post or @posts using the PostPolicy with the :id param.
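
Because loading goes through Pundit scopes rather than a :through association, what a request can load is decided by the policy's Scope, and the action check runs on top of that. The sketch below is an added example, not PunditCan's own code: it uses plain-Ruby stand-ins that follow Pundit's policy and Scope conventions, and the load_and_authorize helper, the error classes and the sample records are hypothetical.

```ruby
# Constructed stand-ins: plain Ruby, no Rails or Pundit required.
User = Struct.new(:id, :admin)
Post = Struct.new(:id, :user_id, :published)

class NotFound < StandardError; end
class NotAuthorized < StandardError; end

# Constructed sample data: post 2 is an unpublished draft owned by user 2.
POSTS = [Post.new(1, 1, true), Post.new(2, 2, false), Post.new(3, 2, true)].freeze

# Pundit convention: Policy.new(user, record) and Policy::Scope.new(user, scope).
class PostPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  def show?
    record.published || record.user_id == user.id || user.admin
  end

  def update?
    record.user_id == user.id || user.admin
  end

  class Scope
    def initialize(user, scope)
      @user = user
      @scope = scope
    end

    # Rows outside this set cannot be loaded at all, whatever id is requested.
    def resolve
      return @scope if @user.admin
      @scope.select { |p| p.published || p.user_id == @user.id }
    end
  end
end

# Hypothetical helper: resolve the scope, find by id inside it, then authorize.
def load_and_authorize(current_user, id, action)
  record = PostPolicy::Scope.new(current_user, POSTS).resolve.find { |p| p.id == id }
  raise NotFound, "Post #{id}" unless record
  allowed = PostPolicy.new(current_user, record).public_send(action)
  raise NotAuthorized, "#{action} on Post #{id}" unless allowed
  record
end
```

A record hidden by the scope surfaces as not found rather than not authorized, so a guessed id does not reveal that the record exists.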

Customized loading

You can customize the loading for cases when the model, controller, and policies don't match up name-wise.

class MisMatchedController < ApplicationController
  load_resource instance_name: :special_user,
    model_class: User,
    policy_class: SpecialUserPolicy,
    policy_scope_class: SpecialUserPolicy::Scope

  ...

  # Pundit method to override the model param key
  def pundit_params_for(record)
    params.require(:special_user)
  end
end

This will set @special_user with the User class, using the SpecialUserPolicy and SpecialUserPolicy::Scope classes to authorize and scope the loading.

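Skipping checks

By default, verify_authorized and verify_policy_scoped after actions are set up. If you need to skip those for an action, the skip_authorized_check and skip_scoped_check methods skip the verify actions for the given actions. Those after actions are Pundit's safeguard against an action that never calls authorize or policy_scope, so skip them only for actions that need no authorization or scoping.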

class SkipsController < ApplicationController
  skip_authorized_check :index, :show
  skip_scoped_check :index, :show

  ...
end

Installation

Add this line to your application's Gemfile:

gem "pundit_can"

And then execute:

$ bundle

Or install it yourself as:

$ gem install pundit_can

Contributing

Contribution directions go here.

License

The gem is available as open source under the terms of the MIT License.
