-
Notifications
You must be signed in to change notification settings - Fork 635
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Getting a scope for a specific action #368
Comments
If I'm getting this right maybe you'll be interested in this discussion: Allows Scope to receive additional arguments |
@nbekirov I have seen that, but it seemed a little different in goals, even if the implementation ends up being similar. From the example included, it looks like that user it trying to pass in somewhat arbitrary arguments, and for that reason @jnicklas suggests wrapping in a domain object. I'm interested only in passing additional "verbs" into scope, generally the same "verbs" that correspond to the policy's method names. |
👍 It would be nice to have different scopes for different actions, such as:
Would there be any red flag in implementing multiple Scopes in the same Policy? # user_policy.rb
class UserPolicy < ApplicationPolicy
class Scope < Scope # equivalent to `< ApplicationPolicy::Scope`
def resolve
if user.admin?
scope
else
scope.confirmed.enabled # filter unconfirmed, and disabled accounts
end
end
end
class EmailScope < Scope # equivalent to `< UserPolicy::Scope`
def resolve
super.where.not(users: {id: user.id}) # Based on the UserPolicy's main Scope
end
end
end
# in my views/controllers
# ...
mailable_users = UserPolicy::EmailScope.new(current_user, User).resolve
# ... |
Yes, I think that's a nice pattern. Nothing wrong with that in my book! 👍 |
@AndrewSwerlick this was actually something I thought about when I designed the interface. My thinking then was that I think for backward-compatibility reasons it'll be hard to switch to an API which allows different verbs to be passed in somehow, but it would definitely be a nice feature, IMO. |
+1 on having some method like CallPolicy::JournalScope.new(pundit_user, Call.all).resolve @davidstosik, thank you, I'm currently using your example, it's working fine for me. |
what about |
I sortof think that
where the second argument defaults to :resolve would be very useful. Is that something people are interested in supporting if I implemented it in a PR? So, I would add additional methods into the Scope class, and reference them by the symbol I pass into policy_scope |
Hello all, I was taking a look into this and I realized something.
What has been done so far, is just fetching the policy and calling a method on it. Same as you would with policy(post).update? I think we could add a method like
and obviously, complement with the
This would be even backward-compatible as the any existing use of policy_scope would still work. policy scope could then be defined as just:
This would result in a more symmetric set of features that would look like this:
And |
Sorry it took me so long to respond to this, I think @formigarafa's comment is really interesting and well reasoned. I really like that it preserves backward compatibility, but it seems a bit confusing to me that we'd still have |
About a year ago our company was reading this exact thread trying to figure out if we could use Pundit or make our own gem that solves this problem. We loved Pundit so much we knew we wanted to take a PORO approach, so we built Moat. Moat’s “opinion” is that security should be controlled primarily at the scope level (and support lots of scopes) instead of at the object level. We’ve been using it in production now for over a year so it’s been battle tested. We also get our source code audited every year by a security firm and they were quite pleased to see our authorization logic organized into policy folders with corresponding specs. |
Also there is |
I came looking for the solution @formigarafa outlined. It is clean and should be supported. Combining this with record level authorisations gives you a very flexible and powerful authorisation system. However, I would be careful with the naming here.
I would propose something like
Thankfully, Pundit is plain objects (thank the stars) and it is easy to monkey-patch/refine this while we wait for it to be added. |
Those helper methods on controllers are really handy bit to be honest I gave up on waiting for them in the gem. |
Totally agree! Also, I thought about this a bit and |
Is there a mechanism for having a policy with different scopes for different kinds of actions. For example, I have a license table that stores all the licenses for our application that an organization has purchased. When users login, they have a page where they can select a license to operate under. Company administrators have pages where they can view a license, and all its associated details. "select" vs "view" are two very different permissions. Users may be able to select licenses from their entire company, but may only be responsible for the administration of licenses in their department, and so can only view those. However in both cases I have reasons to want to quickly create a scope of the records the user is authorized to access. For "select" I need to populate drop downs, for "view", I need to build out tables on index pages. I don't see how I can do this in pundit with the current scope setup.
The text was updated successfully, but these errors were encountered: