Skip to content

Instantly share code, notes, and snippets.

@krisleech

krisleech/service_authorized.rb

Created February 17, 2020 16:35
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save krisleech/88d42aa15252ef710d8658d1524e96a3 to your computer and use it in GitHub Desktop.
Save krisleech/88d42aa15252ef710d8658d1524e96a3 to your computer and use it in GitHub Desktop.
Download ZIP
services and action policy
Raw
service_authorized.rb
require "bundler/inline"
gemfile(false) do
source "https://rubygems.org"
gem "rspec"
gem "action_policy"
gem "pry-byebug"
end
require "action_policy"
require 'rspec/autorun'
class ProductPolicy < ActionPolicy::Base
def update?
user.admin?
end
end
# Pretend ActiveRecord model
#
Product = Struct.new(:id) do
def self.find(id)
new(id)
end
def update(attributes)
puts "SAVED"
end
end
# Base class for service objects
#
class ServiceBase
include ActionPolicy::Behaviour
authorize :user
attr_reader :user
def initialize(user)
@user = user
end
end
# service object
#
class UpdateProduct < ServiceBase
def call(id, attributes)
product = Product.find(id)
authorize!(product, to: :update?)
product.update(attributes)
end
end
# pretend User
User = Struct.new(:admin) do
def admin?; !!admin; end
end
RSpec.describe UpdateProduct do
describe 'when user is an admin' do
let(:user) { User.new(true) }
it 'raises no error' do
expect { described_class.new(user).call(1, name: 'foo') }.not_to raise_error
end
end
describe 'when user is not an admin' do
let(:user) { User.new(false) }
it 'raises no error' do
expect { described_class.new(user).call(1, name: 'foo') }.to raise_error(ActionPolicy::Unauthorized)
end
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment