datadryad / dryad-product-roadmap

Repository of issues for Dryad project boards
https://github.com/orgs/datadryad/projects
8 stars 0 forks source link

Apply Pundit gem & policies to Dryad #2498

Closed ahamelers closed 1 year ago

ahamelers commented 1 year ago

Parent: #1989

Begin applying the Pundit gem to the project, for future improvement and enhancement

Roles & permissions doc: https://docs.google.com/spreadsheets/d/1slzcQOjqWnQSQfkwl720TLdl2Y8XMOzy9ANb5JOhqwA/edit#gid=2049842564

Pundit docs: https://www.rubydoc.info/gems/pundit

ahamelers commented 1 year ago

Examples from DMPTool project:

https://github.com/CDLUC3/dmptool/commit/6883c8ae41763965bc153f2dd0981eed45173082

Pundit's Scope class (in a controller):

       # GET /api/v2/plans
       # -----------------
       def index
         # See the Policy for details on what Plans are returned to the Caller
         plans = Api::V2::PlansPolicy::Scope.new(@client, @resource_owner, Plan).resolve
         if plans.present? && plans.any?
           @items = paginate_response(results: plans)
           @minimal = true
           render "api/v2/plans/index", status: :ok
         else
           render_error(errors: [_("No Plans found")], status: :not_found)
         end
       end

https://github.com/CDLUC3/dmptool/blob/main/app/policies/api/v2/templates_policy.rb