chaps-io / access-granted

Multi-role and whitelist based authorization gem for Rails (and not only Rails!)
MIT License

Please don't use manage #19

Closed mmichaa closed 8 years ago

mmichaa commented 8 years ago

Hey Piotr, I read your blog post http://blog.chaps.io/2015/11/13/role-based-authorization-in-rails.html a few minutes ago. Because I'm not unhappy with CanCan too, I was excited to read how your library works. It looks good, it looks better than CanCan! But one thing I read in your blog post confused me:

:manage is a meta-action borrowed from CanCan, which is just a shortcut for defining all default CRUD actions ([:read, :create, :update, :destroy]).

Because I have had some issues with the :manage action, I already had to look a little bit deeper into it. I must say that :manage isn't ":read, :create, :update, :destroy". It's more than that. Please take a look at these lines of code:

I have thought that :manage means only ":read, :create, :update, :destroy" for a long time. But it means "all". I can imagine that there are many other people who are thinking that. Therefore I wish you wouldn't use :manage. The idea of a shortcut for ":read, :create, :update, :destroy" is great, but maybe with another name. Maybe with a simple :crud :) What do you think about that point?

Best regards, Michał

pokonski commented 8 years ago

Hi, thanks for asking. I know what it does in CanCan, but its use in AG is way simpler.

I'm actually more inclined to remove :manage completely, as it isn't really necessary in AG. :manage was a hack in the first place added to CanCan, and I don't even personally use it at all.

Also you don't have to use it in your apps, and therefore avoid the confusion. Tailoring the gem to one person's perception of what it should be is not my goal.
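
Added example, not part of the thread and not code from CanCan or access-granted: a toy rule matcher that contrasts the two readings of :manage discussed above ("all" versus the four CRUD actions) and lists the non-CRUD actions a policy grants only under the "all" reading. The `Rule` struct, the method names, and the sample policy and action inventory are all hypothetical.

```ruby
# Added illustration: a toy rule matcher, NOT CanCan's or access-granted's code.
CRUD = %i[read create update destroy].freeze

# A rule grants a list of actions on a subject (class name as a string).
Rule = Struct.new(:actions, :subject)

# Reading A: :manage is a wildcard that matches every action ("all").
def wildcard_allows?(rules, action, subject)
  rules.any? do |r|
    r.subject == subject && (r.actions.include?(:manage) || r.actions.include?(action))
  end
end

# Reading B: :manage is only a shortcut for the four CRUD actions.
def crud_allows?(rules, action, subject)
  rules.any? do |r|
    expanded = r.actions.flat_map { |a| a == :manage ? CRUD : [a] }
    r.subject == subject && expanded.include?(action)
  end
end

# Audit helper: actions granted under the wildcard reading but not under the
# CRUD reading. These are the permissions handed out unnoticed by someone
# who believes ":manage == CRUD" while the library treats it as "all".
def implicit_grants(rules, app_actions)
  app_actions.flat_map do |subject, actions|
    actions.select { |a| wildcard_allows?(rules, a, subject) && !crud_allows?(rules, a, subject) }
           .map { |a| [subject, a] }
  end
end

# Constructed sample policy and action inventory (hypothetical names).
EDITOR_RULES = [Rule.new([:manage], "Post"), Rule.new([:read], "User")].freeze
APP_ACTIONS = {
  "Post" => %i[read create update destroy publish purge_history],
  "User" => %i[read update impersonate]
}.freeze

if __FILE__ == $PROGRAM_NAME
  implicit_grants(EDITOR_RULES, APP_ACTIONS).each do |subject, action|
    puts "granted only by the :manage wildcard: #{action} on #{subject}"
  end
end
```

Running the same audit against a real application's list of controller actions shows which custom actions need their own explicit rule once :manage is replaced by a CRUD-only shortcut.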