trabajo-afectivo/app/policies/controllers/taskbar_controller_policy.rb

class Controllers::TaskbarControllerPolicy < Controllers::ApplicationControllerPolicy

  def show?
    own?
  end

  def update?
    own?
  end

  def destroy?
    own?
  end

  private

  def own?
    taskbar = Taskbar.find(record.params[:id])
    return true if taskbar.user_id == user.id

    # current implementation requires this exception type
    # should be replaced by unified way
    raise Exceptions::UnprocessableEntity, 'Not allowed to access this task.'
  end
end
Refactoring: Replaced home-rolled authorization logic in Controllers with Pundit. 2020-03-19 09:39:51 +00:00			`class Controllers::TaskbarControllerPolicy < Controllers::ApplicationControllerPolicy`

			`def show?`
			`own?`
			`end`

			`def update?`
			`own?`
			`end`

			`def destroy?`
			`own?`
			`end`

			`private`

			`def own?`
			`taskbar = Taskbar.find(record.params[:id])`
			`return true if taskbar.user_id == user.id`

			`# current implementation requires this exception type`
			`# should be replaced by unified way`
			`raise Exceptions::UnprocessableEntity, 'Not allowed to access this task.'`
			`end`
			`end`