Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

policy_class and policy usage #740

Open
mattzollinhofer opened this issue Jul 1, 2022 · 3 comments
Open

policy_class and policy usage #740

mattzollinhofer opened this issue Jul 1, 2022 · 3 comments

Comments

@mattzollinhofer
Copy link
Contributor

mattzollinhofer commented Jul 1, 2022

Basic Issue

If I use a custom policy for authorization (ex: authorize @post, policy_class: SpecialPostPolicy) in my controller how do I use policy(@post) to get the same policy in my view? Here's an example.

Simple Use Case

Controller:

def show
  @user = authorize User.find(params[:id]), policy_class: SpecialPostPolicy
end

View:

<%# This won't use `SpecialPostPolicy`, it'll use `PostPolicy` %>
<% if policy(@post).update? %>
  <%= link_to "Edit post", edit_post_path(@post) %>
<% end %>

Additional Commentary

I believe that in a previous version of Pundit the authorize call would call the policy method that was mixed into the controller it was working in the context of. But when authorization was extracted, I think that link was broken. We'd used that "seam" to be able to override def policy in our controller which allowed both the authorize call and the view to use the same policy. It's unclear to me how to use the same custom policy now. I believe this comment is referring to a related idea.

@Burgestrand
Copy link
Member

Burgestrand commented May 25, 2023

Hi @mattzollinhofer! I'd be interested in hearing your reaction to the following idea: #774

@sequielo
Copy link

I believe you should be able to manually instantiate the policy this way:

  <% if SpecialPostPolicy.new(pundit_user, @post).update? %>

Hope this helps for now.

@Burgestrand
Copy link
Member

Question on this particular issue, are you looking to specifically get the same instance back, or just the same policy lookup behaviour?

For the latter, the above comment seems sufficient to me: #740 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants