Implicit authorization #2125
Comments
This should work great with #2126

UP

I wonder if this can be achieved by making all methods return

I've been using some monkey-patching as a workaround, which has been working well so far. Just a little inconvenient having to manually add it for every association.

application_policy.rb

```ruby
# Class-level helper: declares the association predicates for one association.
def self.has_association(association, with_full_permissions = false)
  # Mutating actions all answer with the with_full_permissions flag (false unless passed).
  ['create', 'attach', 'detach', 'destroy', 'edit'].each do |action|
    define_method(:"#{action}_#{association}?") { with_full_permissions }
  end
  # Showing the association defers to the show? rule of the record's own policy.
  define_method(:"show_#{association}?") { Pundit.policy!(user, record).show? }
  alias_method :"view_#{association}?", :show?
end
```

Kudos to @segiddins for sharing this in #1574

As for a more permanent solution, I'm really not sure how.

This disables everything (access to the resource/search/attachments/uploads, everything) until someone implicitly enables them.
Maybe we should introduce a roles system that will handle this.
From #1574
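
The deny-by-default behaviour this issue asks for, written in plain Ruby as an added example; it is not Avo's or Pundit's code and not code from anyone in this thread. `DenyByDefaultPolicy`, `PostPolicy`, the action names and the sample users are hypothetical.

```ruby
# Added illustration in plain Ruby: no Pundit or Avo required.
# DenyByDefaultPolicy and PostPolicy are hypothetical names.
class DenyByDefaultPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  # Any predicate (a method ending in "?") that a policy does not define
  # answers false, so a new action or association stays closed until
  # someone writes a rule for it.
  def method_missing(name, *args)
    return false if name.end_with?("?")
    super
  end

  def respond_to_missing?(name, include_private = false)
    name.end_with?("?") || super
  end
end

class PostPolicy < DenyByDefaultPolicy
  # Explicitly enabled rules; everything else stays denied.
  def show?
    !user.nil?
  end

  def edit?
    user == record[:owner]
  end

  def attach_comments?
    edit?
  end
end

# Constructed sample data: one post, two users, six policy questions.
def demo_decisions
  post = { owner: "alice" }
  checks = %i[show? edit? attach_comments? destroy? detach_comments? upload_files?]
  %w[alice bob].to_h do |name|
    policy = PostPolicy.new(name, post)
    [name, checks.to_h { |check| [check, policy.public_send(check)] }]
  end
end
```

Only predicates are caught: a call to a missing method that does not end in `?` still raises `NoMethodError`, so typos in non-policy calls are not silently swallowed.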