mpugach · February 11, 2014 15:16
diff --git a/application_controller.rb b/application_controller.rb
 class ApplicationController < ActionController::Base

  # Includes Authorization mechanism
  include Pundit

  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  # Globally rescue Authorization Errors in controller.
  # Returning 403 Forbidden if permission is denied
  rescue_from Pundit::NotAuthorizedError, with: :permission_denied

  # Enforces access right checks for individuals resources
  after_filter :verify_authorized, :except => :index

  # Enforces access right checks for collections
  after_filter :verify_policy_scoped, :only => :index


  private

  def permission_denied
    head 403
  end

 end
diff --git a/person_policy.rb b/person_policy.rb
 class PersonPolicy < ApplicationPolicy

  class Scope < Struct.new(:user, :scope)
    def resolve
      scope
    end
  end
 end
diff --git a/pundit_metaprograming_acces_rights.rb b/pundit_metaprograming_acces_rights.rb
 class ApplicationPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  def user_activities
    @user.roles.select(:activities).distinct.map(&:activities).flatten
  end

  def inferred_activity(method)
    "#{@record.class.name.downcase}:#{method.to_s}"
  end

  def method_missing(name,*args)
    if name.to_s.last == '?'
      user_activities.include?(inferred_activity(name.to_s.gsub('?','')))
    else
      super
    end
  end


  def scope
    Pundit.policy_scope!(user, record.class)
  end
 end
	class ApplicationController < ActionController::Base

	# Includes Authorization mechanism
	include Pundit

	# Prevent CSRF attacks by raising an exception.
	# For APIs, you may want to use :null_session instead.
	protect_from_forgery with: :exception

	# Globally rescue Authorization Errors in controller.
	# Returning 403 Forbidden if permission is denied
	rescue_from Pundit::NotAuthorizedError, with: :permission_denied

	# Enforces access right checks for individuals resources
	after_filter :verify_authorized, :except => :index

	# Enforces access right checks for collections
	after_filter :verify_policy_scoped, :only => :index


	private

	def permission_denied
	head 403
	end

	end
	class PersonPolicy < ApplicationPolicy

	class Scope < Struct.new(:user, :scope)
	def resolve
	scope
	end
	end
	end
	class ApplicationPolicy
	attr_reader :user, :record

	def initialize(user, record)
	@user = user
	@record = record
	end

	def user_activities
	@user.roles.select(:activities).distinct.map(&:activities).flatten
	end

	def inferred_activity(method)
	"#{@record.class.name.downcase}:#{method.to_s}"
	end

	def method_missing(name,*args)
	if name.to_s.last == '?'
	user_activities.include?(inferred_activity(name.to_s.gsub('?','')))
	else
	super
	end
	end


	def scope
	Pundit.policy_scope!(user, record.class)
	end
	end