Skip to content
This repository has been archived by the owner on Jan 30, 2020. It is now read-only.

Allow passing explicit policy #20

Merged
merged 3 commits into from
Oct 6, 2017
Merged

Allow passing explicit policy #20

merged 3 commits into from
Oct 6, 2017

Conversation

phyrog
Copy link
Collaborator

@phyrog phyrog commented Oct 5, 2017
edited
Loading

This allows passing of keyword arguments to authorize, so a policy and a record can be overridden individually. Note that this is a breaking change. Where you previously used

authorize :write, Repository
# => RepositoryPolicy.new(current_user, Repository).write?

to use RepositoryPolicy#write?, you now have to specify it like this:

authorize :write, record: Repository
# => RepositoryPolicy.new(current_user, Repository).write?

Also possible:

authorize :write, policy: Repository # or :repository
# => RepositoryPolicy.new(current_user, parent).write?

This would use the parent object in combination with the RepositoryPolicy, which was previously impossible (this is the main reason for the change).

You can combine this with record like this:

authorize :write, policy: :repository, record: RepositoryCompound.new
# => RepositoryPolicy.new(current_user, RepositoryCompound.new).write?

to instantiate the RepositoryPolicy with RepositoryCompound.new and call write?, which was also previously impossible.

@codecov-io
Copy link

codecov-io commented Oct 5, 2017
edited
Loading

Codecov Report

Merging #20 into master will not change coverage.
The diff coverage is 100%.

Impacted file tree graph

@@          Coverage Diff          @@
##           master    #20   +/-   ##
=====================================
  Coverage     100%   100%           
=====================================
  Files           5      5           
  Lines         168    172    +4     
=====================================
+ Hits          168    172    +4
Impacted Files Coverage Δ
lib/graphql-pundit.rb 100% <100%> (ø) ⬆️
lib/graphql-pundit/instrumenters/authorization.rb 100% <100%> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c4f6b26...bb821d0. Read the comment docs.

houndci-bot
houndci-bot reviewed Oct 5, 2017
View reviewed changes
spec/graphql-pundit/instrumenters/authorization_spec.rb Outdated
include_examples 'an authorizing field', error
context 'without policy' do
let(:field) do
subj = subject
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lint/UselessAssignment: Useless assignment to variable - subj. Did you mean subject?

spec/graphql-pundit/instrumenters/authorization_spec.rb Outdated
context 'without record' do
context 'with policy' do
let(:field) do
subj = subject
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lint/UselessAssignment: Useless assignment to variable - subj. Did you mean subject?

@phyrog phyrog force-pushed the allow_passing_explicit_policy branch from d2e9973 to bb821d0 Compare October 5, 2017 09:51
@phyrog phyrog requested a review from eugenk October 5, 2017 09:52
eugenk
eugenk reviewed Oct 6, 2017
View reviewed changes
Copy link
Member

@eugenk eugenk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@phyrog phyrog merged commit 4a72e9e into master Oct 6, 2017
@phyrog phyrog deleted the allow_passing_explicit_policy branch October 6, 2017 07:19
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@houndci-bot houndci-bot houndci-bot left review comments

@eugenk eugenk eugenk approved these changes

Assignees
No one assigned
Labels
ready for review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@phyrog @codecov-io @eugenk @houndci-bot