Basic pundit setup with OrderPolicy on create

- Needs to be integrated into a controller with `authorize @order` to be useful
- Add a default ApplicationPolicy using `pundit install`

Gemfile

@@ -41,3 +41,5 @@ group :test do
   gem "selenium-webdriver"
   gem "webmock"
 end
+
+gem "pundit", "~> 2.3"

Gemfile.lock

@@ -218,6 +218,8 @@ GEM
     public_suffix (5.0.5)
     puma (6.4.2)
       nio4r (~> 2.0)
+    pundit (2.3.2)
+      activesupport (>= 3.0.0)
     racc (1.7.3)
     rack (3.0.10)
     rack-session (2.0.0)
@@ -388,6 +390,7 @@ DEPENDENCIES
   pg (~> 1.1)
   pry (~> 0.14.2)
   puma (>= 5.0)
+  pundit (~> 2.3)
   rails (~> 7.1.3, >= 7.1.3.2)
   selenium-webdriver
   shadcn-ui (~> 0.0.12)

app/jobs/stock_purchase_job.rb

@@ -0,0 +1,11 @@
+class StockPurchaseJob < ApplicationJob
+  queue_as :default
+
+  def perform
+    pending_orders = Order.pending
+
+    pending_orders.each do |pending_order|
+      PurchaseStock.execute(pending_order)
+    end
+  end
+end

app/policies/application_policy.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+class ApplicationPolicy
+  attr_reader :user, :record
+
+  def initialize(user, record)
+    @user = user
+    @record = record
+  end
+
+  def index?
+    false
+  end
+
+  def show?
+    false
+  end
+
+  def create?
+    false
+  end
+
+  def new?
+    create?
+  end
+
+  def update?
+    false
+  end
+
+  def edit?
+    update?
+  end
+
+  def destroy?
+    false
+  end
+
+  class Scope
+    def initialize(user, scope)
+      @user = user
+      @scope = scope
+    end
+
+    def resolve
+      raise NoMethodError, "You must define #resolve in #{self.class}"
+    end
+
+    private
+
+    attr_reader :user, :scope
+  end
+end

app/policies/order_policy.rb

@@ -0,0 +1,5 @@
+class OrderPolicy < ApplicationPolicy
+  def create?
+    user.portfolio == resource.portfolio
+  end
+end