module PunditOverwrite
Contains the overwritten authorize method
Public Instance Methods
policy_scope!(resource, opts= {query: nil, associations: []})
click to toggle source
Returns the permitted scope or raises exception
@param resource [Object] the object we're checking @permitted_attributes of @param opts [Hash] options for scopes: query, associations
query: the method which returns the permissions, If omitted then this defaults to the Rails controller action name. associations: associations to scope, defaults to []
@raise [NotAuthorizedError] if the given query method returned false @return [Object, ActiveRecord::Association] Returns the @permitted_attributes hash or the resource
# File lib/pundit_roles/pundit.rb, line 67 def policy_scope!(resource, opts= {query: nil, associations: []}) opts[:query] ||= params[:action].to_s + '?' @_pundit_policy_scoped = true @pundit_current_options = { primary_resource: resource.is_a?(Class) ? resource : resource.class, current_query: opts[:query] } policy = policy(resource) permitted_scope = policy.resolve_scope(opts[:query]) unless permitted_scope raise_not_authorized(resource) end if permitted_scope.is_a? TrueClass return resource end return permitted_scope end