pundit_extraextra

  • Version: 1.0.2
  • Registry: Rubygems
  • Maintainers: 2

PunditExtraExtra


This library borrows functionality from CanCan(Can) and adds it to Pundit.

  • can? and cannot? view helpers
  • load_resource, authorize_resource, load_and_authorize_resource and skip_authorization controller filters

The design intentions were:

  1. To ease the transition from CanCanCan to Pundit.
  2. To reduce boilerplate code in controller methods.
  3. To keep things simple and intentionally avoid dealing with edge cases or endless magical options you need to memorize.

Install

Add to your Gemfile:

gem 'pundit_extraextra'

Add to your ApplicationController:

class ApplicationController < ActionController::Base
  include Pundit::Authorization
  include PunditExtraExtra
end

View Helpers: can? and cannot?

You can use the convenience methods can? and cannot? in any controller and view.

  • if can? :assign, @task is the same as Pundit's policy(@task).assign?
  • if can? :index, Task is the same as Pundit's policy(Task).index?
  • if cannot? :assign, @task is the opposite of can?

Autoload and Authorize Resource

You can add these to your controllers to automatically load the resource and/or authorize it.

class TasksController < ApplicationController
  before_action :authenticate_user!
  load_resource except: [:index, :create]
  authorize_resource except: [:create]
end

The load_resource filter will create the appropriate instance variable based on the current action.

The authorize_resource filter will call Pundit's authorize @model in each action.

You can use except: :action, or only: :action to limit the filter to a given action or an array of actions.

Example:

class TasksController < ApplicationController
  before_action :authenticate_user!
  load_resource except: [:edit, :complete]
  authorize_resource except: :index

  def index
    # this happens automatically
    # @tasks = policy_scope(Task)
  end

  def show
    # this happens automatically
    # @task = Task.find params[:id]
    # authorize @task
  end

  def new
    # this happens automatically
    # @task = Task.new
    # authorize @task
  end

  def create
    # this happens automatically
    # @task = Task.new task_params
    # authorize @task
  end

end

In addition, you can use:

  • load_and_authorize_resource which is a combination shortcut for load_resource and authorize_resource
  • skip_authorization which sends skip_authorization and skip_policy_scope to Pundit for all (or the specified) actions.
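
Because only: and except: decide which actions each filter runs for, it helps to list the actions a given configuration leaves without an authorize call, or authorizes without loading the resource first. The following is an added example, not code from pundit_extraextra: FilterCoverage and audit are hypothetical helpers, and the action lists are assumed from the two TasksController examples above.

```ruby
# Added example; FilterCoverage is a hypothetical helper, not part of pundit_extraextra.
module FilterCoverage
  # Actions a filter runs for under only:/except: (a symbol or an array of symbols).
  def self.covered(actions, only: nil, except: nil)
    selected = only ? actions & Array(only) : actions
    selected - Array(except)
  end

  # Actions the authorize_resource filter skips: each one needs its own
  # authorize or policy_scope call in the action body.
  def self.not_authorized(actions, authorize:)
    actions - covered(actions, **authorize)
  end

  # Actions where authorize_resource runs but load_resource did not, so the
  # action (or another filter) must set the instance variable first.
  def self.authorized_without_load(actions, load:, authorize:)
    covered(actions, **authorize) - covered(actions, **load)
  end
end

# Constructed input: the filter options of the two TasksController examples above.
# The action lists are assumed; list your controller's real public actions.
FIRST = { actions: %i[index show new create],
          load: { except: %i[index create] }, authorize: { except: [:create] } }.freeze
SECOND = { actions: %i[index show new create edit complete],
           load: { except: %i[edit complete] }, authorize: { except: :index } }.freeze

# Summarize both gaps for one controller configuration.
def audit(ctrl)
  { not_authorized: FilterCoverage.not_authorized(ctrl[:actions], authorize: ctrl[:authorize]),
    authorized_without_load: FilterCoverage.authorized_without_load(
      ctrl[:actions], load: ctrl[:load], authorize: ctrl[:authorize]
    ) }
end

if __FILE__ == $PROGRAM_NAME
  { first: FIRST, second: SECOND }.each { |name, c| puts "#{name}: #{audit(c)}" }
end
```

Pundit's own verify_authorized and verify_policy_scoped checks, used as after_action callbacks, enforce the same coverage at request time.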

Credits

Thanks for building awesome stuff.


Package last updated on 09 Jan 2025
