From 66f1d2ec0b8cb3387c9760707df614d25021ae92 Mon Sep 17 00:00:00 2001
From: Devin Howard
Date: Sat, 13 Feb 2016 17:28:09 +0800
Subject: [PATCH] install pundit
---
 Gemfile | 2 +-
 Gemfile.lock | 5 ++-
 app/controllers/application_controller.rb | 1 +
 app/policies/application_policy.rb | 53 +++++++++++++++++++++++
 4 files changed, 58 insertions(+), 3 deletions(-)
 create mode 100644 app/policies/application_policy.rb
diff --git a/Gemfile b/Gemfile
index 8379a7db..eec31832 100644
--- a/Gemfile
+++ b/Gemfile
@@ -6,7 +6,7 @@ gem 'rails', '4.2.4'
 gem 'devise'
 gem 'redis'
 gem 'pg'
-gem 'cancancan'
+gem 'pundit'
 gem 'formula'
 gem 'formtastic'
 gem 'json'
diff --git a/Gemfile.lock b/Gemfile.lock
index eb8edec5..2f10214a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -56,7 +56,6 @@ GEM builder (3.2.2) byebug (5.0.0) columnize (= 0.9.0) - cancancan (1.13.1) climate_control (0.0.3) activesupport (>= 3.0) cocaine (0.5.7)
@@ -141,6 +140,8 @@ GEM pry (~> 0.10) pry-rails (0.3.4) pry (>= 0.9.10) + pundit (1.1.0) + activesupport (>= 3.0.0) quiet_assets (1.1.0) railties (>= 3.1, < 5.0) rack (1.6.4)
@@ -243,7 +244,6 @@ DEPENDENCIES best_in_place better_errors binding_of_caller - cancancan coffee-rails devise dotenv
@@ -260,6 +260,7 @@ DEPENDENCIES pg pry-byebug pry-rails + pundit quiet_assets rails (= 4.2.4) rails3-jquery-autocomplete
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 71d3d6ea..c380f96c 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,4 +1,5 @@ class ApplicationController < ActionController::Base + include Pundit protect_from_forgery before_filter :get_invite_link
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb
new file mode 100644
index 00000000..2a0bbc52
--- /dev/null
+++ b/app/policies/application_policy.rb
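Review bot: `include Pundit` in the application_controller.rb hunk only makes the helpers available; nothing here forces an action to call `authorize` or `policy_scope`, and the Gemfile hunk drops cancancan in the same commit, so whatever checks CanCan was performing presumably go unenforced until each controller is converted. Directly under `include Pundit` I would add `after_action :verify_authorized, except: :index` and `after_action :verify_policy_scoped, only: :index`, plus a `rescue_from Pundit::NotAuthorizedError` handler so a denial renders a controlled response rather than an unhandled exception. The verify hooks run after the action body, so they are a development and test safety net for forgotten checks, not the enforcement itself. Controllers that legitimately have no policy (Devise's, for instance) can opt out with `skip_after_action`. The class body continues outside the hunk.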
@@ -0,0 +1,53 @@
+class ApplicationPolicy
+ attr_reader :user, :record
+
+ def initialize(user, record)
+ @user = user
+ @record = record
+ end
+
+ def index?
+ false
+ end
+
+ def show?
+ scope.where(:id => record.id).exists?
+ end
+
+ def create?
+ false
+ end
+
+ def new?
+ create?
+ end
+
+ def update?
+ false
+ end
+
+ def edit?
+ update?
+ end
+
+ def destroy?
+ false
+ end
+
+ def scope
+ Pundit.policy_scope!(user, record.class)
+ end
+
+ class Scope
+ attr_reader :user, :scope
+
+ def initialize(user, scope)
+ @user = user
+ @scope = scope
+ end
+
+ def resolve
+ scope
+ end
+ end
+end
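Review bot: `show?` is the one action in this base policy that is not default-deny: it asks `scope.where(:id => record.id).exists?`, and `Scope#resolve` returns `scope` unfiltered, so for any persisted record it answers true for every user, including a nil `user` when nobody is signed in. A subclass that forgets to override `show?` or `Scope#resolve` therefore exposes reads of that model. To keep the base class fail-closed, have `resolve` return `scope.none` so subclasses widen it explicitly, or make `show?` return `false` like its siblings. Neither class carries a comment; a line above `class ApplicationPolicy` such as `# Base policy: denies every action; subclasses opt in explicitly.` would document the contract once the default matches it.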