2018-12-05 23:21:45 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2018-03-27 19:54:05 +05:30
|
|
|
module FinderMethods
|
2018-12-05 23:21:45 +05:30
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2023-04-23 21:23:45 +05:30
|
|
|
def find_by!(...)
|
|
|
|
raise_not_found_unless_authorized execute.reorder(nil).find_by!(...)
|
2018-03-27 19:54:05 +05:30
|
|
|
end
|
2018-12-05 23:21:45 +05:30
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2018-03-27 19:54:05 +05:30
|
|
|
|
2018-12-05 23:21:45 +05:30
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2023-04-23 21:23:45 +05:30
|
|
|
def find_by(...)
|
|
|
|
if_authorized execute.reorder(nil).find_by(...)
|
2018-03-27 19:54:05 +05:30
|
|
|
end
|
2018-12-05 23:21:45 +05:30
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2018-03-27 19:54:05 +05:30
|
|
|
|
2022-06-21 17:19:12 +05:30
|
|
|
# rubocop: disable CodeReuse/ActiveRecord
|
2023-04-23 21:23:45 +05:30
|
|
|
def find(...)
|
|
|
|
raise_not_found_unless_authorized execute.reorder(nil).find(...)
|
2018-03-27 19:54:05 +05:30
|
|
|
end
|
2022-06-21 17:19:12 +05:30
|
|
|
# rubocop: enable CodeReuse/ActiveRecord
|
2018-03-27 19:54:05 +05:30
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
def raise_not_found_unless_authorized(result)
|
|
|
|
result = if_authorized(result)
|
|
|
|
|
2022-06-21 17:19:12 +05:30
|
|
|
unless result
|
|
|
|
# This fetches the model from the `ActiveRecord::Relation` but does not
|
|
|
|
# actually execute the query.
|
|
|
|
model = execute.model
|
|
|
|
raise ActiveRecord::RecordNotFound, "Couldn't find #{model}"
|
|
|
|
end
|
2018-03-27 19:54:05 +05:30
|
|
|
|
|
|
|
result
|
|
|
|
end
|
|
|
|
|
|
|
|
def if_authorized(result)
|
|
|
|
# Return the result if the finder does not perform authorization checks.
|
|
|
|
# this is currently the case in the `MilestoneFinder`
|
2020-11-24 15:15:51 +05:30
|
|
|
return result unless respond_to?(:current_user, true)
|
2018-03-27 19:54:05 +05:30
|
|
|
|
2022-06-21 17:19:12 +05:30
|
|
|
result if can_read_object?(result)
|
2018-03-27 19:54:05 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
def can_read_object?(object)
|
|
|
|
# When there's no policy, we'll allow the read, this is for example the case
|
|
|
|
# for Todos
|
|
|
|
return true unless DeclarativePolicy.has_policy?(object)
|
|
|
|
|
2020-11-24 15:15:51 +05:30
|
|
|
Ability.allowed?(current_user, :"read_#{to_ability_name(object)}", object)
|
|
|
|
end
|
|
|
|
|
|
|
|
def to_ability_name(object)
|
|
|
|
return object.to_ability_name if object.respond_to?(:to_ability_name)
|
2018-03-27 19:54:05 +05:30
|
|
|
|
2020-11-24 15:15:51 +05:30
|
|
|
# Not all objects define `#to_ability_name`, so attempt to derive it:
|
|
|
|
object.model_name.singular
|
2018-03-27 19:54:05 +05:30
|
|
|
end
|
|
|
|
end
|