Adding pundit

Edimo Silva · Edimo Silva · commit f1d4874bfc3c · 2020-03-16T12:24:20.000+13:00
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -31,13 +31,13 @@ services:
       RUBYOPT: "-W:no-deprecated -W:no-experimental"
       BUNDLE_PATH: "/home/edimossilva/.gems"
       HISTFILE: /home/edimossilva/.bashhistory
-      RAILS_MASTER_KEY: "a667717bf0a47475b0582547379c816d" 
+      RAILS_MASTER_KEY: "a667717bf0a47475b0582547379c816d"
         # "${RAILS_MASTER_KEY}"
     tty: true
     command: bash
     ports:
-      - "3000:3000"
-      
+      - "4000:3000"
+
   vue:
     build:
       context: "."
@@ -53,6 +53,6 @@ services:
     depends_on:
       - rails
 # docker-compose build
-# docker-compose up
-# docker exec -it ror-basic-blog_rails_1 bash
+# docker-compose up -d
+# docker exec -it rails bash
 # railss
diff --git a/volume/blog-backend/Gemfile b/volume/blog-backend/Gemfile
@@ -55,3 +55,5 @@ gem 'bcrypt', '~> 3.1.7'
 gem 'rubocop'
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
 gem 'tzinfo-data', platforms: %i[mingw mswin x64_mingw jruby]
+
+gem "pundit"
diff --git a/volume/blog-backend/Gemfile.lock b/volume/blog-backend/Gemfile.lock
@@ -129,6 +129,8 @@ GEM
       pry (~> 0.9)
       slop (~> 3.0)
     puma (3.12.4)
+    pundit (2.1.0)
+      activesupport (>= 3.0.0)
     rack (2.2.2)
     rack-cors (1.1.1)
       rack (>= 2.0.0)
@@ -236,6 +238,7 @@ DEPENDENCIES
   pry-nav
   pry-remote
   puma (~> 3.11)
+  pundit
   rack-cors
   rails (~> 6.0.0)
   rspec-rails (~> 4.0.0.beta)
diff --git a/volume/blog-backend/app/controllers/application_controller.rb b/volume/blog-backend/app/controllers/application_controller.rb
@@ -1,7 +1,10 @@
 class ApplicationController < ActionController::API
   include Auth::JsonWebTokenHelper
+  include Pundit
+
   rescue_from ActiveRecord::RecordNotFound, with: :render_not_found
   rescue_from ActiveRecord::RecordInvalid, with: :render_unprocessable_entity
+  rescue_from Pundit::NotAuthorizedError, with: :render_unauthorized
 
   before_action :authorize_request
 
diff --git a/volume/blog-backend/app/controllers/blogs_controller.rb b/volume/blog-backend/app/controllers/blogs_controller.rb
@@ -33,11 +33,9 @@ def index
   def show
     blog = Blog.find_by!(id: search_params[:id])
 
-    if BlogAccessLevel.can_show?(@current_user, blog)
-      render_ok(BlogSerializer.new(blog))
-    else
-      render_unauthorized
-    end
+    authorize blog
+
+    render_ok(BlogSerializer.new(blog))
   end
 
   private
diff --git a/volume/blog-backend/app/helpers/auth/json_web_token_helper.rb b/volume/blog-backend/app/helpers/auth/json_web_token_helper.rb
@@ -47,5 +47,9 @@ def user_by_token(token)
       decoded = decode_token(token)
       User.find(decoded[:user_id])
     end
+
+    def current_user
+      @current_user
+    end
   end
 end
diff --git a/volume/blog-backend/app/models/blog.rb b/volume/blog-backend/app/models/blog.rb
@@ -7,4 +7,8 @@ class Blog < ApplicationRecord
   delegate :registred?, to: :user, prefix: true
 
   scope :only_public, -> { where('is_private = false') }
+
+  def public?
+    !is_private
+  end
 end
diff --git a/volume/blog-backend/app/policies/blog_policy.rb b/volume/blog-backend/app/policies/blog_policy.rb
@@ -0,0 +1,12 @@
+class BlogPolicy
+  attr_reader :user, :blog
+
+  def initialize(user, blog)
+    @user = user
+    @blog = blog
+  end
+
+  def show?
+    user&.has_access_level? || blog.public?
+  end
+end
