Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/dannyben/pundit_extra
Extensions and helpers for Pundit
https://github.com/dannyben/pundit_extra
authorization gem pundit rails ruby
Last synced: 5 days ago
JSON representation
Extensions and helpers for Pundit
- Host: GitHub
- URL: https://github.com/dannyben/pundit_extra
- Owner: DannyBen
- License: mit
- Created: 2016-02-09T16:48:58.000Z (almost 9 years ago)
- Default Branch: master
- Last Pushed: 2024-07-29T16:38:46.000Z (4 months ago)
- Last Synced: 2024-11-07T19:51:00.686Z (13 days ago)
- Topics: authorization, gem, pundit, rails, ruby
- Language: Ruby
- Size: 57.6 KB
- Stars: 15
- Watchers: 3
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# PunditExtra
[](https://badge.fury.io/rb/pundit_extra)
[](https://github.com/DannyBen/pundit_extra/actions?query=workflow%3ATest)
[](https://codeclimate.com/github/DannyBen/pundit_extra/maintainability)
---
This library borrows functionality from [CanCan(Can)][2] and adds it to [Pundit][1].
- `can?` and `cannot?` view helpers
- `load_resource`, `authorize_resource`, `load_and_authorize_resource` and
`skip_authorization` controller filters
The design intentions were:
1. To ease the transition from CanCanCan to Pundit.
2. To reduce boilerplate code in controller methods.
3. To keep things simple and intentionally avoid dealing with edge cases or
endless magical options you need to memorize.
---
## Install
Add to your Gemfile:
```
gem 'pundit_extra'
```
Add to your `ApplicationController`:
```ruby
class ApplicationController < ActionController::Base
include Pundit::Authorization
include PunditExtra
end
```
## View Helpers: `can?` and `cannot?`
You can use the convenience methods `can?` and `cannot?` in any controller
and view.
- `if can? :assign, @task` is the same as Pundit's `policy(@task).assign?`
- `if can? :index, Task` is the same as Pundit's `policy(Task).index?`
- `if cannot? :assign, @task` is the opposite of `can?`
## Autoload and Authorize Resource
You can add these to your controllers to automatically load the resource
and/or authorize it.
```ruby
class TasksController < ApplicationController
before_action :authenticate_user!
load_resource except: [:index, :create]
authorize_resource except: [:create]
end
```
The `load_resource` filter will create the appropriate instance variable
based on the current action.
The `authorize_resource` filter will call Pundit's `authorize @model` in each
action.
You can use `except: :action`, or `only: :action` to limit the filter to a
given action or an array of actions.
Example:
```ruby
class TasksController < ApplicationController
before_action :authenticate_user!
load_resource except: [:edit, :complete]
authorize_resource except: :index
def index
# this happens automatically
# @tasks = policy_scope(Task)
end
def show
# this happens automatically
# @task = Task.find params[:id]
# authorize @task
end
def new
# this happens automatically
# @task = Task.new
# authorize @task
end
def create
# this happens automatically
# @task = Task.new task_params
# authorize @task
end
end
```
In addition, you can use:
- `load_and_authorize_resource` which is a combination shortcut for
`load_resource` and `authorize_resource`
- `skip_authorization` which sends `skip_authorization` and
`skip_policy_scope` to Pundit for all (or the specified) actions.
## Credits
- [Jonas Nicklas](https://github.com/jnicklas) @ [Pundit][1]
- [Bryan Rite](https://github.com/bryanrite), [Ryan Bates](https://github.com/ryanb), [Richard Wilson](https://github.com/Senjai) @ [CanCanCan][2]
- [Tom Morgan](https://github.com/seven1m)
Thanks for building awesome stuff.
---
[1]: https://github.com/elabs/pundit
[2]: https://github.com/CanCanCommunity/cancancan