Comments (9)
brendon
commented on May 18, 2024
1
@palkan, you might want to remove https://actionpolicy.evilmartians.io/#/controller_action_aliases that relates to this PR.
from action_policy.
palkan
commented on May 18, 2024
in some of my controllers there are other actions (e.g. sort) and some that are injected by concerns. In that case, it's illogical to keep adding those rule aliases to the policy
Why not using explicit rules in the concerns? That makes more sense, IMO.
I'm also using controllers concerns to add action, and I'm doing like this:
module Voted
extend ActiveSupport::Concern
included do
before_action :set_votable, only: [:vote_up, :vote_down, :cancel_vote]
end
def vote_up
# do smth with @votable
end
def set_votable
@votable = controller_name.classify.constantize.find(params[:id])
authorize! @votable, to: :manage?
end
endfrom action_policy.
brendon
commented on May 18, 2024
Thanks @palkan, in my case my authorize! is called from a controller superclass. I'd have to restrict its execution to the REST verbs, then use your method to do an alternative authorize! specifying the rule. Seems like a messier approach once I'm dealing with 10's of one-off non-REST actions spread across lots of controllers (many not in concerns).
I'm authorising in the superclass because my policy doesn't care about any of the sub-models in the application, just their ultimate parent, and its place in the site tree.
I'll probably just implement something in my application that is the same as my PR. I just thought you might want to have it as part of action_policy :)
from action_policy.
palkan
commented on May 18, 2024
I just thought you might want to have it as part of action_policy :)
What about adding this use-case to the docs? And then, if there would be a demand, include it into the gem.
from action_policy.
brendon
commented on May 18, 2024
Ok, sounds like a good idea. Do you mean to put in the docs saying that it is a proposed feature and show examples as it would work as implemented in the PR, then ask people to chime in on this issue if they'd like to see it implemented?
from action_policy.
palkan
commented on May 18, 2024
Yep. We can add a new top-level section, say, "Tip & Tricks", and the proposed implementation and the reasoning behind it.
And also add a link to this doc to Readme.
from action_policy.
brendon
commented on May 18, 2024
Done (#28). I'll link to the readme from here once the PR is merged :) Hopefully that page also helps explain my use case a bit better.
from action_policy.
brendon
commented on May 18, 2024
See: https://actionpolicy.evilmartians.io/#/controller_action_aliases for more information.
from action_policy.
palkan
commented on May 18, 2024
Closed as stale
from action_policy.
Related Issues (20)
- Add option to disable authorization context memoization HOT 12
- Add ability to authorize nil records if :with option is provided HOT 2
- NoMethodError: undefined method `params_filter' for MyPolicy:Class in tests HOT 1
- Authorizing fields based on params_filter HOT 1
- Unknown policy scope type :active_record_relation HOT 3
- Policy-generator not working with Ruby 3.2 HOT 1
- uninitialized constant ActionController::Parameters HOT 4
- I18n does not seem to work with I18n Active Record HOT 1
- How Do I Test Resource-less Authorize? HOT 1
- Add --parent option to policy generator HOT 2
- Update a documentation about #be_an_alias_of matcher HOT 2
- Documentation Contrast HOT 3
- Can't alias `create?` to `manage?` HOT 1
- Cannot use `controller_authorize_current_user` with `ActionPolicy::Base` HOT 1
- Rspec fails with v0.6.6 when `eager_load` is set to `true` HOT 13
- 0.6.7 breaks wrap_parameters HOT 3
- Policy lookup for authorized_scope returns default policy instead of using implicit authorization target HOT 3
- Add `with_context` qualifier to `have_authorized_scope` matcher. HOT 1
- Allow using callable objects as scopes
- Migrate pretty print to Prism
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from action_policy.