cyclestreets / cyclescape

Cyclescape - cycle campaign group toolkit
https://www.cyclescape.org/
MIT License
33 stars 15 forks source link

Overhaul authorization libary #1081

Closed nikolai-b closed 2 months ago

nikolai-b commented 3 months ago

The last commit to declarative auth was in 2014. It no longer works with modern rails and makes rails upgrades tricky. There are two modern auth libraries in Rails: Pundit and CanCanCan, either is a good choice.

@mvl22 I've deployed this to staging. I've clicked around locally and I'll do more checks but another pair of eyes would be great as this is a complete change to all the authorization checks.

mvl22 commented 2 months ago

Thanks for all your efforts on this. Strongly agree on the need for migration as this is clearly holding a lot of other stuff back.

I'll have a go.

Do we have fairly comprehensive tests for permissions (I had thought we do) and do they all pass?

nikolai-b commented 2 months ago

@mvl22 yes, you can see the :white_check_mark: next to the final commit which links to our CI. The latest build is green. The tests give me great confidence but it makes sense with something that effects authorization to have another sanity check.

mvl22 commented 2 months ago

Staging doesn't actually seem to be loading at the moment...

nikolai-b commented 2 months ago

Thanks I'll have a look.

nikolai-b commented 2 months ago

@mvl22 it was file name issue, fixed now and staging works.

mvl22 commented 2 months ago

Thanks. I've also done various tests with different user levels.

Please do merge and deploy.