Policies

Authorization relies on ActionPolicy. Trek provides Trek::ApplicationPolicy, Trek::ResourcePolicy and policies for its own models (PagePolicy, FragmentPolicy, UserPolicy).

Scaffolded policies inherit from Trek::ResourcePolicy and control access per role:

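```ruby
module Admin
  class BookPolicy < Trek::ResourcePolicy
    # Every rule is limited to privileged users (the admin and editor roles).
    def index? = user.privileged?
    def create? = user.privileged?
    def manage? = user.privileged?
    def destroy? = user.privileged?

    # Attributes the current user may write; an empty list permits nothing.
    def permitted_attributes
      user.privileged? ? %i[title intro] : []
    end

    # Index queries: privileged users get the full relation, everyone else an empty one.
    relation_scope do |relation|
      next relation if user.privileged?

      relation.none
    end
  end
end
```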
  • permitted_attributes doubles as strong parameters: Trek::ResourceController only permits what the policy allows for the current user.
  • relation_scope filters index queries per role.
  • user.privileged? is true for the admin and editor roles.
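
The two mechanisms above can be checked per role with a small matrix. This is an added illustration in plain Ruby, not Trek or ActionPolicy code: `DemoUser`, `DemoBookPolicy`, `filter_params`, `audit` and the `viewer` role are hypothetical stand-ins, and an Array stands in for the relation.

```ruby
# Added illustration in plain Ruby; not Trek or ActionPolicy code.
# DemoUser, DemoBookPolicy, filter_params and audit are hypothetical stand-ins.

DemoUser = Struct.new(:role) do
  # Per the page: privileged? is true for the admin and editor roles.
  def privileged?
    %w[admin editor].include?(role)
  end
end

class DemoBookPolicy
  def initialize(user)
    @user = user
  end

  # Same allow-list as the scaffolded policy: privileged roles get two fields.
  def permitted_attributes
    @user.privileged? ? %i[title intro] : []
  end

  # Stand-in for relation_scope, using an Array instead of a relation.
  def scope(records)
    @user.privileged? ? records : []
  end
end

# Models strong-parameter filtering: keep allow-listed keys, report the rest.
def filter_params(policy, submitted)
  kept = submitted.slice(*policy.permitted_attributes.map(&:to_s))
  { kept: kept, dropped: submitted.keys - kept.keys }
end

# Builds a per-role matrix so an unexpected grant shows up in review.
def audit(roles, submitted, records)
  roles.to_h do |role|
    policy = DemoBookPolicy.new(DemoUser.new(role))
    result = filter_params(policy, submitted)
    [role, result.merge(visible: policy.scope(records).size)]
  end
end

# Constructed input: a request carrying two fields the policy never lists.
SUBMITTED = { "title" => "Dune", "intro" => "Arrakis",
              "author_id" => "1", "published" => "true" }.freeze
RECORDS = %w[book-1 book-2 book-3].freeze

if __FILE__ == $PROGRAM_NAME
  audit(%w[admin editor viewer], SUBMITTED, RECORDS).each { |role, row| puts "#{role}: #{row}" }
end
```

The `dropped` column is the part worth logging or asserting on: it lists submitted fields that the policy's allow-list discarded for that role.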

Released under the MIT License.