chaps-io / access-granted

Multi-role and whitelist based authorization gem for Rails (and not only Rails!)
MIT License

Replacement for accessible_by #26

Closed linkyndy closed 8 years ago

linkyndy commented 8 years ago

Since AccessGranted does not support CanCan's accessible_by, how can I achieve something similar to it? It's handy to have such a scope to retrieve only permitted objects.

pokonski commented 8 years ago

accessible_by is only possible for permissions with hash conditions (for obvious reasons) and has very limited use.

I have no intention of bringing this functionality into access-granted as it creates too much complexity and couples two completely different things, authorization and querying internal data storage.

What you need is to just check the user's role and query accordingly by a given column.

In 99% cases you just need to filter by the owner's id. Not something access-granted should know about.

linkyndy commented 8 years ago

I respect your choice, wasn't questioning whether you should add accessible_by. But in my case, 99% of the uses of `accessible_by` are complex, I just don't check based on a single column on the target model. I have roles that control nested objects by even 3-4 levels, so I guess it would be quite cumbersome to do this manually. That's why I've asked, maybe I'm missing something more obvious.

pokonski commented 8 years ago

I would create a repository that does the fetching depending on the current_user and his role. You could even check for exact permissions inside that repository and build queries based on that.

pokonski commented 8 years ago

Additional thought: I might be able to expose applying conditions for a given user to use in fetching, but I don't want to actually integrate with any ORMs.

linkyndy commented 8 years ago

I understand. Thanks for your help; will keep an eye on the progress of this gem ;) Keep up the good work!

TSMMark commented 1 year ago

Hey @pokonski (or any maintainers), is this a thing yet?

> I might be able to expose applying conditions for a given user to use in fetching

Can't find this in the readme or docs

pokonski commented 1 year ago

Hey @TSMMark, this is not in Access Granted. But if anyone is willing to make an extension to AG we can include it :)

TSMMark commented 1 year ago

To make sure we're on the same page about it, could you give a brief example of how you imagine it to work?

pokonski commented 1 year ago

I personally have no need for such a feature, so not really; I haven't given it much thought.
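The repository approach suggested earlier in this thread (fetch depending on the current user and role), as an added example that is not part of the original thread or the access-granted gem. The models, roles and `CommentRepository` are hypothetical, and the data is constructed in memory so the nested ownership check (project -> document -> comment) and the default-deny branch are visible.

```ruby
# Constructed sample models: hypothetical names, not from access-granted.
User     = Struct.new(:id, :role)
Project  = Struct.new(:id, :owner_id, :member_ids)
Document = Struct.new(:id, :project_id)
Comment  = Struct.new(:id, :document_id, :body)

# Repository that owns the "which rows may this user see" decision.
class CommentRepository
  def initialize(projects:, documents:, comments:)
    @projects, @documents, @comments = projects, documents, comments
  end

  # Returns only the comments the user may read. Unknown roles and a
  # missing user get nothing (default deny, as in a whitelist policy).
  def visible_to(user)
    case user&.role
    when :admin  then @comments.dup
    when :member then comments_in(projects_for(user))
    else []
    end
  end

  # Single-record lookup reuses the same rule so list and show cannot drift.
  def find_for(user, id)
    visible_to(user).find { |c| c.id == id }
  end

  private

  # A member sees projects they own or belong to.
  def projects_for(user)
    @projects.select { |p| p.owner_id == user.id || p.member_ids.include?(user.id) }
  end

  # Walk the nesting project -> document -> comment.
  def comments_in(projects)
    project_ids  = projects.map(&:id)
    document_ids = @documents.select { |d| project_ids.include?(d.project_id) }.map(&:id)
    @comments.select { |c| document_ids.include?(c.document_id) }
  end
end

# Constructed data: user 10 owns project 1, user 11 is a member of it,
# user 12 owns project 2.
REPO = CommentRepository.new(
  projects:  [Project.new(1, 10, [11]), Project.new(2, 12, [])],
  documents: [Document.new(1, 1), Document.new(2, 2)],
  comments:  [Comment.new(1, 1, "a"), Comment.new(2, 2, "b")]
)
```

With an ORM the same repository would return a query scope (joins on the parent tables) instead of filtering arrays; the role dispatch and the default-deny branch stay the same.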