Closed monfresh closed 6 years ago
cc @md5
Two more things.
First, you may want to add `after_action :verify_authorized` to `ApplicationController`. This is mainly useful in testing and development to ensure that `authorize` is called or explicitly skipped in all controller actions.
Second, I still find the fact that the scopes in this project are returning the results of `pluck` instead of `ActiveRecord::Relation` instances to be odd. Generally, I've seen scopes like this:
```ruby
class OrganizationPolicy < ApplicationPolicy
  class Scope < Scope
    def resolve
      if user.super_admin?
        scope.all
      else
        scope.with_locations(location_ids)
      end
    end
  end
end
```
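An added illustration of the `verify_authorized` suggestion above, not code from this thread, from Pundit, or from ohana-api: a pure-Ruby stand-in (`MiniController`, the two error classes, the `User` struct and the in-memory `store` are all hypothetical) in which a guard run after each action flags an action that never calls `authorize`. Because the guard runs after the action, the unauthorized change has already been made by the time it raises.

```ruby
# Pure-Ruby stand-ins (constructed; not Pundit's or the project's code).
class AuthorizationNotPerformedError < StandardError; end
class NotAuthorizedError < StandardError; end

User = Struct.new(:name, :super_admin)

class MiniController
  attr_reader :store

  def initialize(user, store)
    @user = user
    @store = store
    @authorized = false
  end

  # Run the action, then the guard, mirroring after_action :verify_authorized.
  def process(action)
    result = send(action)
    raise AuthorizationNotPerformedError, action.to_s unless @authorized
    result
  end

  private

  # Marks the check as performed, then enforces a hypothetical policy rule.
  def authorize(query)
    @authorized = true
    raise NotAuthorizedError, query.to_s unless @user.super_admin
  end

  def skip_authorization
    @authorized = true
  end
end

class OrganizationsController < MiniController
  def index   # intentionally open: the skip is explicit
    skip_authorization
    store.dup
  end

  def update  # authorized action
    authorize(:update?)
    store << "edited"
  end

  def destroy # constructed defect: no authorize call
    store.clear
  end
end
```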
@md5 Thanks for the great feedback! I made some changes here: https://github.com/codeforamerica/ohana-api/pull/433/commits/af62fb5d5044e327b1a4edc8b360d957277423ed
Let me know what you think.
As for returning an Array via `pluck` instead of `ActiveRecord::Relation`s, I believe it's for performance reasons when paginating and ordering the results in the view.
Cool. Glad to help.
Why: For completeness