@ketanghumatkar
Created January 6, 2018 09:34
New Governance Approach in rails
### NEW Governance approach
## Model Governance
### For delete action validation
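class Sample
  include Mongoid::Document

  before_destroy :authorize

  # As written this denies every delete; gate it on the policy check in real use.
  def authorize
    errors.add :base, "You are not authorized to perform this action"
    # Adding an error does not stop the destroy; halt the callback chain
    # (Rails 5+ callbacks; before Rails 5, returning false halts the chain).
    throw :abort
  end
end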
### For create/update custom validation
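#### Governance Validator
class AuthorizeValidator < ActiveModel::Validator
  def validate(record)
    # policy_class is defined on the model, so resolve it through the record.
    unless record.policy_class.new(record, current_user).on?
      record.errors.add(:base, "You are not authorized to perform this action")
    end
  end

  # Current user stored per request in RequestStore; nil when nothing has set it
  # (console, background jobs).
  def current_user
    RequestStore.store[:current_user]
  end
end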
#### Mongoid Model
class Sample
  include Mongoid::Document

  validates_with AuthorizeValidator, on: :create

  # Policy class the validator instantiates for this model.
  def policy_class
    SamplePolicy
  end
end
## Controller Governance
### Call authorize in a before_action of the base controller so authorization is enforced by default
class ApplicationController < ActionController::Base
  ## Before actions
  before_action :authorize

  ### Raise NotAuthorizedError if permission is not granted for controller_name and action_name for current_user
  def authorize
    raise Pundit::NotAuthorizedError unless Authorize.permission(controller_name, action_name, current_user)
  end
end
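### Skip authorization for session and registration controller
class UserSessionController < ApplicationController
  # Inherit from ApplicationController: the :authorize callback is defined there, and
  # Rails 5+ raises ArgumentError when skipping a callback that was never defined.
  skip_before_action :authorize
end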
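
The `authorize` hook in the base controller depends on a permission lookup on `Authorize` that the gist does not define. The following is an added example, not part of the original gist, of one way to write that lookup so it fails closed; the role names, the `PERMISSIONS` table and the `User` struct are assumptions made for illustration.

```ruby
# Added example (not from the gist): a hypothetical Authorize.permission.
# Roles, controllers and the PERMISSIONS table are constructed sample data.
require "set"

module Authorize
  # role => controller_name => permitted action names; "*" permits every action
  PERMISSIONS = {
    "admin"  => { "samples" => Set["*"] },
    "editor" => { "samples" => Set["index", "show", "create", "update"] },
    "viewer" => { "samples" => Set["index", "show"] }
  }.freeze

  # Returns true only when an explicit grant exists; every other path is false,
  # so a new controller or action is denied until someone adds it to the table.
  def self.permission(controller_name, action_name, user)
    return false if user.nil?                 # no user in context: deny

    role = user.respond_to?(:role) ? user.role.to_s : ""
    actions = PERMISSIONS.dig(role, controller_name.to_s)
    return false if actions.nil?              # unknown role or controller: deny

    actions.include?("*") || actions.include?(action_name.to_s)
  end
end

# Stand-in for the application's user model (assumption: it exposes #role).
User = Struct.new(:role)
```

Because the lookup returns `false` for a `nil` user, controllers that must be reachable before login need the explicit `skip_before_action :authorize` shown above.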