Pedro Moreira pedrosmmoreira

pedrosmmoreira / foos_controller.rb

Created February 17, 2017 11:23

	class FoosController < ApplicationController
	include Pundit
	#...

	# record policy
	def set_record_policy
	policy(PolicyContext.new(record, current_user)
	end

	# scope policy

pedrosmmoreira / policy_context.rb

Created February 17, 2017 11:22

	class PolicyContext
	attr_reader :record

	def initialize(record, user)
	@record = record
	@user = user
	end

	def policy_class
	"#{@user.role}FooPolicy".classify

pedrosmmoreira / admin_policy.rb

Created February 17, 2017 11:20

	class AdminFooPolicy < ApplicationPolicy
	class Scope
	attr_reader :user, :scope

	def initialize(user, context)
	@user = user
	@scope = context.record
	end

	def resolve

pedrosmmoreira / foo_policy.rb

Created February 17, 2017 11:18

	class FooPolicy < ApplicationPolicy
	#...
	class Scope
	#...
	def resolve
	if user.roles.include?("admin")
	scope.not_cancelled
	elsif user.roles.include?("official")
	scope.not_draft
	elsif user.roles.include?("provider")

pedrosmmoreira / final_controller_calls.rb

Last active January 21, 2016 06:40

Dynamic Pundit Policies per user type

	class FoosController < ApplicationController
	include Pundit
	#...

	# record policy
	def set_record_policy
	policy(PolicyContext.new(record, current_user)
	end

	# scope policy

pedrosmmoreira / gist:f27fb0da654264fe69f8

Created May 7, 2014 13:46

request spec

	require 'spec_helper'

	describe 'GET /v1/projects' do
	it 'returns a list of all projects' do
	projects = create_list :project, 2

	get "/v1/projects"

	expect(response_json).to eq(
	'projects' => [{