@bethesque
Created September 14, 2015 22:58
How we currently authorise our Trailblazer operations (pre policy support)
```ruby
class Thing::Create < Trailblazer::Operation
  def process(params)
    validate(params[:referral]) do
      # Check the :create? policy query only once the input has validated.
      authorize(params, model, :create?)
      form.save
    end
  end

  def setup_model!(params)
    authorize params, model, :new? # Wouldn't be required for run, but no harm in doing it twice
  end

  # Looks up the Pundit policy for the record and raises unless the query passes.
  # When no query is given, it is derived from params[:action].
  def authorize(params, record, query=nil)
    query ||= params[:action].to_s + "?"
    policy = Pundit.policy(params[:user_context], record)
    raise Pundit::NotAuthorizedError.new(query: query, record: record, policy: policy) unless policy.public_send(query)
  end
end
```
@apotonick

Yeah! That is identical to my implementation! 😄 https://github.com/apotonick/trailblazer/blob/master/lib/trailblazer/operation/policy.rb#L34

I love how you split your authentication into different steps. That was one of my main intentions when introducing the operation-wide policy object. It'll be cool to have that policy instance in forms, too, etc. Pretty sure a few more standards/conventions will evolve here shortly.
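
The `authorize` helper in the gist falls back to `params[:action]` for the policy query and dispatches it with `public_send`. The following is an added example, not code from the gist or from Trailblazer: it compares that dispatch with a variant that checks the query against an allow-list first. `ThingPolicy`, `NotAuthorizedError`, `ACTION_QUERIES`, `authorize_checked` and `outcome` are stand-ins constructed here so it runs without the pundit gem.

```ruby
# Stand-ins so the example runs without the pundit or trailblazer gems.
class NotAuthorizedError < StandardError; end

# Constructed policy: two action queries plus a helper predicate.
class ThingPolicy
  def initialize(user, record)
    @user = user
    @record = record
  end

  def new?
    !@user.nil?
  end

  def create?
    @user == :admin
  end

  # Helper used by other rules; public, but not an action decision.
  def owner?
    true
  end
end

# Dispatch as in the gist: the query falls back to params[:action] + "?".
def authorize_as_posted(params, record, query = nil)
  query ||= params[:action].to_s + "?"
  policy = ThingPolicy.new(params[:user_context], record)
  raise NotAuthorizedError, "not allowed to #{query}" unless policy.public_send(query)
  true
end

# Hypothetical allow-list: only these queries may ever be dispatched.
ACTION_QUERIES = %w[new? create?].freeze

# Same flow, but anything outside the allow-list fails closed.
def authorize_checked(params, record, query = nil)
  query = (query || "#{params[:action]}?").to_s
  raise NotAuthorizedError, "unknown query #{query.inspect}" unless ACTION_QUERIES.include?(query)
  authorize_as_posted(params, record, query)
end

# Outcome label, so the two helpers can be compared on the same input.
def outcome(helper, params, query = nil)
  send(helper, params, :thing, query) ? :allowed : :denied
rescue NotAuthorizedError
  :denied
rescue NoMethodError
  :crashed
end
```

With the fallback, any public predicate on the policy can act as the decision, and a missing action surfaces as `NoMethodError` instead of an authorisation failure; the allow-listed variant turns both cases into `NotAuthorizedError`.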
