togglepro / pundit-resources

Integrate Pundit policies with jsonapi-resources
MIT License

Pundit::AuthorizationNotPerformedError on Create / Delete #33

Closed lxcodes closed 7 years ago

lxcodes commented 7 years ago

I'm currently unable to move forward because Pundit reports that authorization hasn't been run, even though I believe all the steps are in place (relevant sections below). After dumping everything out, all I can think of is that my `context` may be conflicting with whatever pundit-resources is setting. Any help is appreciated.

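class ApplicationPolicy
  # Default Pundit policy: every action is denied unless a subclass opens it.
  # `user` is what pundit-resources passes as the current user (here built
  # from `context[:current_user]`, so it can be nil); `record` is the
  # instance or model class being authorized.
  attr_reader :user, :record

  # @param user [User, nil] the requesting user
  # @param record [Object] the record or model class under authorization
  def initialize(user, record)
    # Log an identifier only: dumping the whole record can write every
    # attribute -- the User's password_digest among them -- to the log.
    user_id = user.respond_to?(:id) ? user.id : nil
    Rails.logger.info "Policy User: #{user_id.inspect}"
    @user = user
    @record = record
  end

  def index?
    false
  end

  def create?
    false
  end

  # Mirrors create? so the two can never disagree.
  def new?
    create?
  end

  def update?
    false
  end

  # Mirrors update?.
  def edit?
    update?
  end

  def destroy?
    false
  end

  # The policy scope for the record's class, resolved through
  # Pundit.policy_scope! (which raises when no Scope is defined for it).
  def scope
    Pundit.policy_scope!(user, record.class)
  end

  # Default scope: hands the relation back unfiltered. Subclasses override
  # #resolve to narrow it per user.
  class Scope
    attr_reader :user, :scope

    def initialize(user, scope)
      @user = user
      @scope = scope
    end

    def resolve
      scope
    end
  end
end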
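class UserPolicy < ApplicationPolicy
  # Only realm admins may create, update or destroy users; index? keeps the
  # `false` inherited from ApplicationPolicy.
  def create?
    admin_user?
  end

  def update?
    admin_user?
  end

  def destroy?
    admin_user?
  end

  private

  # True only for a user whose admin? is truthy. A nil user (request without
  # a token) yields false, so Pundit denies the action instead of the policy
  # failing with NoMethodError on nil.
  def admin_user?
    return false unless user.respond_to?(:admin?)

    user.admin? ? true : false
  end
end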
# == Schema Information
#
# Table name: users
#
#  id                       :integer          not null, primary key
#  first_name               :string
#  last_name                :string
#  email_address            :string
#  avatar_location          :boolean
#  is_active                :boolean
#  phone_number             :string
#  job_title                :string
#  last_login               :datetime
#  password_change_required :boolean
#  is_realm_admin           :boolean
#  integrations             :json
#  password_digest          :string
#  created_at               :datetime         not null
#  updated_at               :datetime         not null
#  organization_id          :integer
#
# Indexes
#
#  index_users_on_organization_id  (organization_id)
#

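class User < ApplicationRecord
  has_secure_password

  validates :first_name, presence: true, length: { minimum: 2 }
  validates :last_name, presence: true, length: { minimum: 2 }
  validates :email_address, presence: true, uniqueness: { scope: :organization_id }

  belongs_to :organization
  belongs_to :group, optional: true

  has_many :favorites

  # "First Last" for display; a nil part becomes an empty string via Array#join.
  def full_name
    [first_name, last_name].join(" ")
  end

  # Looks up the account to authenticate by e-mail address, case-insensitively.
  #
  # @param identification [String, nil] the e-mail address given at login
  # @return [User, nil] nil for a blank identification or when nothing matches
  #
  # NOTE(review): email_address is unique only per organization_id, so the
  # same address may exist in several organizations; this lookup is not
  # tenant-scoped and `.first` returns whichever row sorts first. Scope it
  # by the requesting tenant if the caller knows it.
  def self.find_for_auth(identification)
    return nil if identification.blank?

    # Bind a plain string. The original wrapped it in a one-element array,
    # which ActiveRecord expands into a value list -- that only happens to
    # work because the list has exactly one element.
    where('lower(email_address) = ?', identification.downcase).first
  end

  # Realm admins get elevated rights in policies (see UserPolicy). Returns
  # the raw column value, so it can be nil when is_realm_admin was never set.
  def admin?
    is_realm_admin
  end
end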
class UsersController < ApplicationController
  # Every action here requires a Doorkeeper token carrying the :api scope;
  # Doorkeeper rejects the request before the action runs otherwise.
  before_action { doorkeeper_authorize! :api }
end
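class ApplicationController < JSONAPI::ResourceController
  include Pundit::ResourceController

  before_action :set_current_tenant

  # Context handed to every JSONAPI resource; pundit-resources reads
  # `:current_user` from it to build policies.
  def context
    {
      organization: current_tenant,
      current_user: current_user
    }
  end

  protected

  # Tenant resolved from the request subdomain, or nil when none matches.
  # Memoized: both set_current_tenant and context call it, and without the
  # cache each call issued its own query.
  def current_tenant
    @current_tenant ||= Organization.find_by(subdomain: request.subdomain)
  end

  def set_current_tenant
    Rails.logger.info "Current Tenant: #{current_tenant}"
    @organization = current_tenant
  end

  # The resource owner of the Doorkeeper token, or nil when the request
  # carries no token (policies then receive a nil user).
  def current_user
    @current_user ||= User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
    # Log after the lookup: logging @current_user before the assignment, as
    # the original did, always printed an empty value on the first call.
    Rails.logger.info "Current User: #{@current_user}"
    @current_user
  end
end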