jeudi 13 août 2015

Ruby Pundit Authorization Users and Collaborators

Ruby beginner over here. I'm currently working on a project where Users can create public and private wikis. There are three different roles: Admin, Standard User and Premium User. A Standard user can only see public wikis.

Authorization is working properly via Pundit, I've successfully been able to list the wikis I want each user to have access to, but I'm missing one thing: Wikis to which the Standard user has been added as a collaborator.

Collaborator is not a role, so I'm having difficulty adding those wikis to the index (Wiki has many users through collaborators).

If you have any ideas on how I can implement this, or perhaps an alternative route, I'd be happy to hear them.

Currently, a standard user can access only public wikis and wikis he or she has created (which are public by default). Currently, the Standard user can view and edit a private wiki he or she has been added to but only by visiting the direct wiki url.

This is what my code looks like so far:

wiki.rb

class Wiki < ActiveRecord::Base
  belongs_to :user
  has_many :collaborators
  has_many :users, through: :collaborators

  scope :visible_to, -> (user) { user && (user.premium? || user.admin?) ? all : where(public: true)  }
  scope :publicly_visible, -> {where(public: true)}
end

wiki_policy.rb

class WikiPolicy < ApplicationPolicy
  def index?
    true
  end

  def show?
    record.public? || user.present? && (record.user == user || user.admin? || user.premium? || record.users.include?(user))
  end

  def create?
    user.present? 
  end

  def new?
    create?
  end

  def update?
    user.present? && (record.user == user || user.admin? || record.users.include?(user))
  end

  def destroy?
    update?
  end

  class Scope
    attr_reader :user, :scope

    def initialize(user, scope)
      @user = user
      @scope = scope
    end

    def resolve
      if @user.present?
        wikis = Wiki.visible_to(@user)
      else
        wikis = Wiki.publicly_visible
      end
    end
  end
end

wikis_controller.rb

class WikisController < ApplicationController
  def index
    @wikis = policy_scope(Wiki).paginate(page: params[:page], per_page: 10)
    authorize @wikis 
  end
...
end


via Chebli Mohamed
Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)