Integrated Pundit to it

Author: akhil-gautam

Gemfile

@@ -5,7 +5,6 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
 ruby '3.0.3'
 gem 'bcrypt', '~> 3.1.7'
-gem 'cancancan'
 gem 'good_job'
 gem 'interactor', '~> 3.0'
 gem 'interactor-rails', '~> 2.0'
@@ -15,6 +14,7 @@ gem 'pagy', '~> 5.10'
 gem 'pg', '~> 1.1'
 gem 'premailer-rails'
 gem 'puma', '~> 5.0'
+gem 'pundit'
 gem 'rack-cors'
 gem 'rails', '~> 7.0.2', '>= 7.0.2.3'
 gem 'strong_migrations'

Gemfile.lock

@@ -79,7 +79,6 @@ GEM
     bullet (7.0.1)
       activesupport (>= 3.0.0)
       uniform_notifier (~> 1.11)
-    cancancan (3.3.0)
     coderay (1.1.3)
     concurrent-ruby (1.1.9)
     crack (0.4.5)
@@ -185,6 +184,8 @@ GEM
     public_suffix (4.0.6)
     puma (5.6.2)
       nio4r (~> 2.0)
+    pundit (2.2.0)
+      activesupport (>= 3.0.0)
     raabro (1.4.0)
     racc (1.6.0)
     rack (2.2.3)
@@ -284,7 +285,6 @@ DEPENDENCIES
   bcrypt (~> 3.1.7)
   bootsnap
   bullet (~> 7.0.1)
-  cancancan
   dotenv-rails
   factory_bot_rails (~> 6.2.0)
   faker (~> 2.20.0)
@@ -300,6 +300,7 @@ DEPENDENCIES
   premailer-rails
   pry-rails
   puma (~> 5.0)
+  pundit
   rack-cors
   rails (~> 7.0.2, >= 7.0.2.3)
   reek (~> 6.1.0)

app/controllers/api/v1/users_controller.rb

@@ -3,7 +3,7 @@
 module Api
   module V1
     class UsersController < ApplicationController
-      skip_before_action :authenticate_user
+      skip_before_action :authenticate_user, only: [:create, :login, :verify]
       before_action :set_user, only: [:update]
 
       # serves as signup
@@ -17,7 +17,8 @@ def create
       end
 
       def update
-        result = User::Update.call(params: user_params.except(:email))
+        authorize @user
+        # result = User::Update.call(params: user_params.except(:email))
       end
 
       def login

app/controllers/application_controller.rb

@@ -1,8 +1,11 @@
 # frozen_string_literal: true
 
 class ApplicationController < ActionController::API
+  include Pundit::Authorization
+
   before_action :authenticate_user
   rescue_from ActiveRecord::RecordNotFound, with: :record_not_found
+  rescue_from Pundit::NotAuthorizedError, with: :unauthorized_access
   # rescue_from UnauthorizedError, with: :unauthorized_access
 
   def authenticate_user
@@ -22,13 +25,17 @@ def authenticate_user
     end
   end
 
+  def current_user
+    @current_user
+  end
+
   private
 
   def record_not_found
-    render json: { errors: 'Record not found' }, status: :not_found
+    return render json: { errors: I18n.t('generic.record_not_found') }, status: :not_found
   end
 
   def unauthorized_access
-    render json: { message: 'You are not authorized to access this resource!' }, status: :unprocessable_entity
+    return render json: { message: I18n.t('authorization.error') }, status: :forbidden
   end
 end

app/policies/application_policy.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+class ApplicationPolicy
+  attr_reader :user, :record
+
+  def initialize(user, record)
+    @user = user
+    @record = record
+  end
+
+  def index?
+    false
+  end
+
+  def show?
+    false
+  end
+
+  def create?
+    false
+  end
+
+  def new?
+    create?
+  end
+
+  def update?
+    false
+  end
+
+  def edit?
+    update?
+  end
+
+  def destroy?
+    false
+  end
+
+  class Scope
+    def initialize(user, scope)
+      @user = user
+      @scope = scope
+    end
+
+    def resolve
+      raise NotImplementedError, "You must define #resolve in #{self.class}"
+    end
+
+    private
+
+    attr_reader :user, :scope
+  end
+end

app/policies/user_policy.rb

@@ -0,0 +1,5 @@
+class UserPolicy < ApplicationPolicy
+  def update?
+    user.id == record.id
+  end
+end

config/locales/en.yml

@@ -1,6 +1,10 @@
 en:
   user:
     errors:
-      verify: User not found with the given token!
-      login: Email or password is incorrect!
-      not_found: User not found with the given ID!
+      verify: User not found with the given token.
+      login: Email or password is incorrect.
+      not_found: User not found with the given ID.
+  generic:
+    record_not_found: Record not found.
+  authorization:
+    error: Unauthorized access.

config/routes.rb

@@ -7,7 +7,7 @@
   namespace :api do
     namespace :v1 do
       resources :users, only: %i[create show update] do
-        post :login
+        post :login, on: :collection
       end
     end
   end