Support default Pundit policy class. #3323
Conversation
|
Thanks for the pull request! I haven't actually used Pundit myself; what sort of scenario is this useful for? When would Pundit not be able to find the policy class? |
|
Examples from my use case:
Basically it helps for such cases, when you don't bother to write dedicated policy class. When user has access to AA he can see last activities, hits etc, etc. By default behaviour with default policy is disabled so it is no security flow unless you use as default policy with bug. |
|
Looks nice. I've spotted today to the same issue. Hopefully it will be merged. 👍 |
| @@ -79,6 +79,8 @@ def initialize | |||
| # The authorization adapter to use | |||
| inheritable_setting :authorization_adapter, ActiveAdmin::AuthorizationAdapter | |||
|
|
|||
| inheritable_setting :pundit_default_policy, nil | |||
|
|
|||
There was a problem hiding this comment.
Instead of being in application.rb, this should be at the top of pundit_adapter.rb similar to cancan_adapter.rb
|
If you change the suggestion from @seanlinsley and me, I will merge it |
| @@ -66,6 +66,10 @@ | |||
| expect(application.allow_comments).to eq true | |||
| end | |||
|
|
|||
| it "should set default Pundit policy class" do | |||
| application.default_pundit_policy = policy_klass | |||
| end | |||
There was a problem hiding this comment.
You shouldn't only check the setting, you should check that is set too.
basic form @seban on #3323, with changes from @timoschilling
|
merged by hand with changes suggest above |
There are situations where to have default Pundit policy defined which will handle all cases here dedicated policy could not be found. Some of those cases I described in issue #3319. This PR introduces new ActiveAdmin setting
pundit_default_policywhich handles authorization when Pundit can't find dedicated Policy class for resource.