pundit files

Authorization_with_Pundit/.gitignore

@@ -0,0 +1,19 @@
+# See https://help.github.com/articles/ignoring-files for more about ignoring files.
+#
+# If you find yourself ignoring temporary files generated by your text editor
+# or operating system, you probably want to add a global ignore instead:
+#   git config --global core.excludesfile '~/.gitignore_global'
+
+# Ignore bundler config.
+/.bundle
+
+# Ignore the default SQLite database.
+/db/*.sqlite3
+/db/*.sqlite3-journal
+
+# Ignore all logfiles and tempfiles.
+/log/*
+!/log/.keep
+/tmp
+
+.idea/

Authorization_with_Pundit/Gemfile

@@ -0,0 +1,39 @@
+source 'https://rubygems.org'
+ruby '2.1.5'
+
+gem 'rails', '4.2.4'
+gem 'thin'
+
+gem 'pundit'
+gem 'clearance'
+
+gem 'bootstrap-sass'
+
+group :development do
+  gem 'sqlite3'
+  gem 'annotate'
+  gem 'better_errors'
+  gem 'binding_of_caller'
+end
+
+group :production do
+  gem 'rails_12factor'
+  gem 'pg'
+end
+
+# Use SCSS for stylesheets
+gem 'sass-rails', '~> 5.0'
+# Use Uglifier as compressor for JavaScript assets
+gem 'uglifier', '>= 1.3.0'
+# Use CoffeeScript for .coffee assets and views
+gem 'coffee-rails', '~> 4.1.0'
+# See https://github.com/rails/execjs#readme for more supported runtimes
+# gem 'therubyracer', platforms: :ruby
+
+# Use jquery as the JavaScript library
+gem 'jquery-rails'
+# Turbolinks makes following links in your web application faster. Read more: https://github.com/rails/turbolinks
+gem 'turbolinks'
+
+# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
+gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]

Authorization_with_Pundit/Gemfile.lock

@@ -0,0 +1,183 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionmailer (4.2.4)
+      actionpack (= 4.2.4)
+      actionview (= 4.2.4)
+      activejob (= 4.2.4)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+    actionpack (4.2.4)
+      actionview (= 4.2.4)
+      activesupport (= 4.2.4)
+      rack (~> 1.6)
+      rack-test (~> 0.6.2)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (4.2.4)
+      activesupport (= 4.2.4)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    activejob (4.2.4)
+      activesupport (= 4.2.4)
+      globalid (>= 0.3.0)
+    activemodel (4.2.4)
+      activesupport (= 4.2.4)
+      builder (~> 3.1)
+    activerecord (4.2.4)
+      activemodel (= 4.2.4)
+      activesupport (= 4.2.4)
+      arel (~> 6.0)
+    activesupport (4.2.4)
+      i18n (~> 0.7)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.3, >= 0.3.4)
+      tzinfo (~> 1.1)
+    annotate (2.6.10)
+      activerecord (>= 3.2, <= 4.3)
+      rake (~> 10.4)
+    arel (6.0.3)
+    autoprefixer-rails (6.0.3)
+      execjs
+      json
+    bcrypt (3.1.10-x86-mingw32)
+    better_errors (2.1.1)
+      coderay (>= 1.0.0)
+      erubis (>= 2.6.6)
+      rack (>= 0.9.0)
+    binding_of_caller (0.7.2)
+      debug_inspector (>= 0.0.1)
+    bootstrap-sass (3.3.5.1)
+      autoprefixer-rails (>= 5.0.0.1)
+      sass (>= 3.3.0)
+    builder (3.2.2)
+    clearance (1.11.0)
+      bcrypt
+      email_validator (~> 1.4)
+      rails (>= 3.1)
+    coderay (1.1.0)
+    coffee-rails (4.1.0)
+      coffee-script (>= 2.2.0)
+      railties (>= 4.0.0, < 5.0)
+    coffee-script (2.4.1)
+      coffee-script-source
+      execjs
+    coffee-script-source (1.9.1.1)
+    daemons (1.2.3)
+    debug_inspector (0.0.2)
+    email_validator (1.6.0)
+      activemodel
+    erubis (2.7.0)
+    eventmachine (1.0.8)
+    execjs (2.6.0)
+    globalid (0.3.6)
+      activesupport (>= 4.1.0)
+    i18n (0.7.0)
+    jquery-rails (4.0.5)
+      rails-dom-testing (~> 1.0)
+      railties (>= 4.2.0)
+      thor (>= 0.14, < 2.0)
+    json (1.8.3)
+    loofah (2.0.3)
+      nokogiri (>= 1.5.9)
+    mail (2.6.3)
+      mime-types (>= 1.16, < 3)
+    mime-types (2.6.2)
+    mini_portile (0.6.2)
+    minitest (5.8.1)
+    nokogiri (1.6.6.2-x86-mingw32)
+      mini_portile (~> 0.6.0)
+    pg (0.18.3-x86-mingw32)
+    pundit (1.0.1)
+      activesupport (>= 3.0.0)
+    rack (1.6.4)
+    rack-test (0.6.3)
+      rack (>= 1.0)
+    rails (4.2.4)
+      actionmailer (= 4.2.4)
+      actionpack (= 4.2.4)
+      actionview (= 4.2.4)
+      activejob (= 4.2.4)
+      activemodel (= 4.2.4)
+      activerecord (= 4.2.4)
+      activesupport (= 4.2.4)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 4.2.4)
+      sprockets-rails
+    rails-deprecated_sanitizer (1.0.3)
+      activesupport (>= 4.2.0.alpha)
+    rails-dom-testing (1.0.7)
+      activesupport (>= 4.2.0.beta, < 5.0)
+      nokogiri (~> 1.6.0)
+      rails-deprecated_sanitizer (>= 1.0.1)
+    rails-html-sanitizer (1.0.2)
+      loofah (~> 2.0)
+    rails_12factor (0.0.3)
+      rails_serve_static_assets
+      rails_stdout_logging
+    rails_serve_static_assets (0.0.4)
+    rails_stdout_logging (0.0.4)
+    railties (4.2.4)
+      actionpack (= 4.2.4)
+      activesupport (= 4.2.4)
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rake (10.4.2)
+    sass (3.4.18)
+    sass-rails (5.0.4)
+      railties (>= 4.0.0, < 5.0)
+      sass (~> 3.1)
+      sprockets (>= 2.8, < 4.0)
+      sprockets-rails (>= 2.0, < 4.0)
+      tilt (>= 1.1, < 3)
+    sprockets (3.3.4)
+      rack (~> 1.0)
+    sprockets-rails (2.3.3)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      sprockets (>= 2.8, < 4.0)
+    sqlite3 (1.3.10-x86-mingw32)
+    thin (1.6.4)
+      daemons (~> 1.0, >= 1.0.9)
+      eventmachine (~> 1.0, >= 1.0.4)
+      rack (~> 1.0)
+    thor (0.19.1)
+    thread_safe (0.3.5)
+    tilt (2.0.1)
+    turbolinks (2.5.3)
+      coffee-rails
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
+    tzinfo-data (1.2015.6)
+      tzinfo (>= 1.0.0)
+    uglifier (2.7.2)
+      execjs (>= 0.3.0)
+      json (>= 1.8.0)
+
+PLATFORMS
+  x86-mingw32
+
+DEPENDENCIES
+  annotate
+  better_errors
+  binding_of_caller
+  bootstrap-sass
+  clearance
+  coffee-rails (~> 4.1.0)
+  jquery-rails
+  pg
+  pundit
+  rails (= 4.2.4)
+  rails_12factor
+  sass-rails (~> 5.0)
+  sqlite3
+  thin
+  turbolinks
+  tzinfo-data
+  uglifier (>= 1.3.0)
+
+BUNDLED WITH
+   1.10.6

Authorization_with_Pundit/Procfile

@@ -0,0 +1 @@
+web: bundle exec rails server thin -p $PORT -e $RACK_ENV

Authorization_with_Pundit/Rakefile

@@ -0,0 +1,6 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Rails.application.load_tasks

Authorization_with_Pundit/app/assets/javascripts/application.js

@@ -0,0 +1,15 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require jquery
+//= require jquery_ujs
+//= require turbolinks

Authorization_with_Pundit/app/assets/stylesheets/application.scss

@@ -0,0 +1,10 @@
+@import 'bootstrap-sprockets';
+@import 'bootstrap';
+
+#footer {
+  margin-top: 50px;
+}
+
+.alert-notice {
+  @extend .alert-warning;
+}

Authorization_with_Pundit/app/controllers/application_controller.rb

@@ -0,0 +1,22 @@
+class ApplicationController < ActionController::Base
+  include Clearance::Controller
+  include Pundit
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception
+
+  before_action :require_login
+
+  rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
+
+  private
+
+  def user_not_authorized(exception)
+    #flash[:warning] = "You are not authorized to perform this action."
+
+    policy_name = exception.policy.class.to_s.underscore
+
+    flash[:warning] = t "#{policy_name}.#{exception.query}", scope: "pundit", default: :default
+    redirect_to(request.referrer || root_path)
+  end
+end

Authorization_with_Pundit/app/controllers/posts_controller.rb

@@ -0,0 +1,71 @@
+class PostsController < ApplicationController
+  before_action :set_post, only: [:show, :edit, :update, :destroy]
+  after_action :verify_authorized, only: [:destroy]
+  after_action :verify_policy_scoped, only: [:user_posts]
+
+  # GET /posts
+  def index
+    @posts = Post.all
+  end
+
+  # GET /posts/1
+  def show
+  end
+
+  # GET /posts/new
+  def new
+    @post = Post.new
+  end
+
+  # GET /posts/1/edit
+  def edit
+  end
+
+  # POST /posts
+  def create
+    @post = Post.new
+    @post.update_attributes(permitted_attributes(@post))
+
+    if @post.save
+      redirect_to @post, notice: 'Post was successfully created.'
+    else
+      render :new
+    end
+  end
+
+  # PATCH/PUT /posts/1
+  def update
+    if @post.update(permitted_attributes(@post))
+      redirect_to @post, notice: 'Post was successfully updated.'
+    else
+      render :edit
+    end
+  end
+
+  # DELETE /posts/1
+  def destroy
+    if @post.present?
+      authorize @post
+      @post.destroy
+    else
+      skip_authorization
+    end
+
+    redirect_to posts_url, notice: 'Post was successfully destroyed.'
+  end
+
+  def user_posts
+    @posts = policy_scope(Post)
+  end
+
+  private
+    # Use callbacks to share common setup or constraints between actions.
+    def set_post
+      @post = Post.find_by(id: params[:id])
+    end
+
+    # Only allow a trusted parameter "white list" through.
+    def post_params
+      params.require(:post).permit(policy(@post).permitted_attributes)
+    end
+end

Authorization_with_Pundit/app/controllers/users_controller.rb

@@ -0,0 +1,8 @@
+class UsersController < ApplicationController
+  def update
+    @user = User.find(params[:id])
+    @user.toggle!(:admin)
+    flash[:success] = 'OK!'
+    redirect_to root_path
+  end
+end

Authorization_with_Pundit/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

Authorization_with_Pundit/app/helpers/posts_helper.rb

@@ -0,0 +1,2 @@
+module PostsHelper
+end

Authorization_with_Pundit/app/models/post.rb

@@ -0,0 +1,3 @@
+class Post < ActiveRecord::Base
+  belongs_to :user
+end