Commit ac27dcaa by dongxiaowei

Merge branch 'authorize' into 'master'

Authorize See merge request !1
parents 38e610ba d9f916c4
...@@ -141,6 +141,7 @@ class SimpleController::BaseController < ::InheritedResources::Base ...@@ -141,6 +141,7 @@ class SimpleController::BaseController < ::InheritedResources::Base
@paginate_off = options.delete(:paginate_off) @paginate_off = options.delete(:paginate_off)
@distinct_off = options.delete(:distinct_off) @distinct_off = options.delete(:distinct_off)
@policy_class = options.delete(:policy_class) || name.sub(/Controller$/, 'Policy').safe_constantize @policy_class = options.delete(:policy_class) || name.sub(/Controller$/, 'Policy').safe_constantize
@database_policy = name.sub(/Controller$/, 'DatabasePolicy')
_importable_class = options.delete(:importable_class) _importable_class = options.delete(:importable_class)
_exportable_class = options.delete(:exportable_class) _exportable_class = options.delete(:exportable_class)
...@@ -207,6 +208,7 @@ class SimpleController::BaseController < ::InheritedResources::Base ...@@ -207,6 +208,7 @@ class SimpleController::BaseController < ::InheritedResources::Base
context: params, context: params,
parents: parent_objects, parents: parent_objects,
} }
authorize_if_database_policy policy_info, "#{action_name}?"
authorize_if_policy_class policy_info, "#{action_name}?" authorize_if_policy_class policy_info, "#{action_name}?"
instance_variable_set("@#{resource_instance_name}", resource) instance_variable_set("@#{resource_instance_name}", resource)
@ta_record = resource @ta_record = resource
...@@ -222,6 +224,7 @@ class SimpleController::BaseController < ::InheritedResources::Base ...@@ -222,6 +224,7 @@ class SimpleController::BaseController < ::InheritedResources::Base
context: params, context: params,
parents: parent_objects, parents: parent_objects,
} }
authorize_if_database_policy policy_info, "#{action_name}?"
authorize_if_policy_class policy_info, "#{action_name}?" authorize_if_policy_class policy_info, "#{action_name}?"
instance_variable_set("@#{resource_collection_name}", collection) instance_variable_set("@#{resource_collection_name}", collection)
@ta_records = collection @ta_records = collection
...@@ -279,6 +282,21 @@ class SimpleController::BaseController < ::InheritedResources::Base ...@@ -279,6 +282,21 @@ class SimpleController::BaseController < ::InheritedResources::Base
alias origin_end_of_association_chain end_of_association_chain alias origin_end_of_association_chain end_of_association_chain
def database_policy_association_chain
policy_class ||= self.class.instance_variable_get(:@database_policy)
if policy_class.present? &&
(scope_policy_class = "#{policy_class}::Scope".safe_constantize) &&
origin_end_of_association_chain.is_a?(ActiveRecord::Relation)
parent_objects = symbols_for_association_chain.each_with_object({}) do |sym, h|
h[sym.to_sym] = instance_variable_get("@#{sym}")
end
scope_policy_class.new(current_user, policy_association_chain, **parent_objects).resolve
else
origin_end_of_association_chain.respond_to?(:all) ?
origin_end_of_association_chain.all : origin_end_of_association_chain
end
end
def policy_association_chain def policy_association_chain
policy_class ||= self.class.instance_variable_get(:@policy_class) policy_class ||= self.class.instance_variable_get(:@policy_class)
if policy_class.present? && if policy_class.present? &&
...@@ -297,9 +315,10 @@ class SimpleController::BaseController < ::InheritedResources::Base ...@@ -297,9 +315,10 @@ class SimpleController::BaseController < ::InheritedResources::Base
# ransack q, 这里主要是为了统计 # ransack q, 这里主要是为了统计
def query_association_chain def query_association_chain
if self.class.instance_variable_get(:@ransack_off) || params[:q].blank? if self.class.instance_variable_get(:@ransack_off) || params[:q].blank?
policy_association_chain database_policy_association_chain
# policy_association_chain
else else
ransack_association(policy_association_chain, params[:q]) ransack_association(database_policy_association_chain, params[:q])
end end
end end
...@@ -372,6 +391,14 @@ class SimpleController::BaseController < ::InheritedResources::Base ...@@ -372,6 +391,14 @@ class SimpleController::BaseController < ::InheritedResources::Base
private private
def authorize_if_database_policy(record, query)
policy_name = self.class.instance_variable_get(:@database_policy)
database_policy = policy_name&.safe_constantize
database_policy&.method_defined?(query) ?
authorize(record, query, policy_class: database_policy) :
record
end
def authorize_if_policy_class(record, query, policy_class: nil) def authorize_if_policy_class(record, query, policy_class: nil)
policy_class ||= self.class.instance_variable_get(:@policy_class) policy_class ||= self.class.instance_variable_get(:@policy_class)
policy_class&.method_defined?(query) ? policy_class&.method_defined?(query) ?
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment