trabajo-afectivo/app/policies/controllers/monitoring_controller_policy.rb

class Controllers::MonitoringControllerPolicy < Controllers::ApplicationControllerPolicy

  def health_check?
    token_or_permission?
  end

  def status?
    token_or_permission?
  end

  def amount_check?
    token_or_permission?
  end

  def token?
    permission_and_permission_active?
  end

  def restart_failed_jobs?
    permission_and_permission_active?
  end

  private

  def user_required?
    false
  end

  def token_or_permission?
    return true if user.present? && monitoring_admin!
    return true if valid_token_param?

    not_authorized
  end

  def permission_and_permission_active?
    user_required!
    monitoring_admin!
    return true if permission_active?

    not_authorized
  end

  def valid_token_param?
    Setting.get('monitoring_token') == record.params[:token]
  end

  def permission_active?
    Permission.exists?(name: 'admin.monitoring', active: true)
  end

  def monitoring_admin!
    user.permissions!('admin.monitoring')
    true
  end
end
Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00			`class Controllers::MonitoringControllerPolicy < Controllers::ApplicationControllerPolicy`

			`def health_check?`
			`token_or_permission?`
			`end`

			`def status?`
			`token_or_permission?`
			`end`

			`def amount_check?`
			`token_or_permission?`
			`end`

			`def token?`
			`permission_and_permission_active?`
			`end`

			`def restart_failed_jobs?`
			`permission_and_permission_active?`
			`end`

			`private`

			`def user_required?`
			`false`
			`end`

			`def token_or_permission?`
			`return true if user.present? && monitoring_admin!`
			`return true if valid_token_param?`

			`not_authorized`
			`end`

			`def permission_and_permission_active?`
			`user_required!`
			`monitoring_admin!`
			`return true if permission_active?`

			`not_authorized`
			`end`

			`def valid_token_param?`
			`Setting.get('monitoring_token') == record.params[:token]`
			`end`

			`def permission_active?`
			`Permission.exists?(name: 'admin.monitoring', active: true)`
			`end`

			`def monitoring_admin!`
			`user.permissions!('admin.monitoring')`
			`true`
			`end`
			`end`