search

code-and-effect / effective_datatables

An effective ActiveRecord to Datatables dsl for Ruby on Rails. Make intelligent tables quickly.
MIT License
134 stars 36 forks source link

`authorization_method` does not pass resource/action #27

Closed Nerian closed 7 years ago

Nerian commented 7 years ago

Hi,

I have this code on the initializer:

config.authorization_method = :datatable_authorization_method

And this in ApplicationController

def datatable_authorization_method(action, resource)
  params[:attributes][:coworking_space_id] == current_user.coworking_space.id.to_s
end

But the method is being called without the two arguments, so I get wrong number of arguments (given 0, expected 2) for that method.

Defining the method as def datatable_authorization_method removes the error.

So perhaps there is a change to be done here: https://github.com/code-and-effect/effective_datatables/blob/master/lib/effective_datatables.rb#L25

I am not using Cancan or Pundit.

matt-riemer commented 7 years ago

I always use the Proc rather than the method way of doing this....

If it's not causing you any issues, i'm going to leave as is, and take another look at this in the 3.0 branch.

Nerian commented 7 years ago

Yes, that makes perfect sense. I ended up using the Proc too, but the Readme confused me because it gives this as an example:

# As a Custom Method
config.authorization_method = :my_authorization_method
def my_authorization_method(action, resource)
  current_user.is?(:admin) || EffectivePunditPolicy.new(current_user, resource).send('#{action}?')
end

Given that the two methods have the same name, I assumed that they were related. Maybe we could just change the example to have authorize! as the method name:

https://github.com/code-and-effect/effective_datatables/pull/34