nathanl / authority

*CURRENTLY UNMAINTAINED*. Authority helps you authorize actions in your Rails app. It's ORM-neutral and has very little fancy syntax; just group your models under one or more Authorizer classes and write plain Ruby methods on them.
MIT License

Using authority with inherited_resources #30

Closed brendon closed 11 years ago

brendon commented 11 years ago

Authority looks really simple and succinct, but I was wondering if you had any ideas on how it could be used with inherited_resources so that it could authorise the resource after it has been loaded. From what I can tell, one needs to insert these checks manually, which would defeat inherited_resources' code minimisation strategy.

I dig that you want this to be as agnostic as possible, but just wondered if you'd come across this use-case already?

nathanl commented 11 years ago

@brendon - Thanks!

I haven't used inherited_resources with Authority because I'm not a big fan of it. I appreciate José Valim and love his work on Devise, but I think inherited_resources obfuscates too much. Rails already makes controller code brief; I think it's just confusing if it disappears entirely. But that's my opinion.

That said, looking at the README, he has an example for when "you have to do something special but you don’t want to create a before filter for it". He shows this:

class ProjectsController < InheritedResources::Base
  def create
    @project = Project.new(params[:project])
    @project.something_special!
    create!
  end
end

You could use that strategy to insert a call to authorize_action_for(@project).

If you wanted to get super fancy, you might be able to override his code generation to automatically include that step, but I'm not sure how hard that would be.
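The strategy described above, as an added example that is not part of the original thread or of either gem: it goes one step further and puts the check in a shared superclass covering create, update and destroy. `StubInheritedBase`, `SecurityViolation`, `AuthorizedResourcesController`, `Project` and `attempt` are hypothetical stand-ins so the code runs without Rails; in a real app `create!`, `resource` and `build_resource` come from inherited_resources and `authorize_action_for` from Authority.

```ruby
# Stand-ins, constructed for this example, so the pattern runs without Rails.
SecurityViolation = Class.new(StandardError) # plays Authority::SecurityViolation

class StubInheritedBase # plays InheritedResources::Base
  ADJECTIVES = { create: :creatable, update: :updatable, destroy: :deletable }.freeze
  attr_reader :persisted

  def initialize(user, record)
    @current_user, @record, @persisted = user, record, []
  end

  def dispatch(action) # Rails sets the action name before calling the action
    @action = action
    public_send(action)
  end

  protected

  def create!;  @persisted << :create;  end
  def update!;  @persisted << :update;  end
  def destroy!; @persisted << :destroy; end
  def build_resource; @record; end
  def resource;       @record; end

  # Plays Authority's controller helper: ask the record, raise on refusal.
  def authorize_action_for(record)
    allowed = record.public_send("#{ADJECTIVES.fetch(@action)}_by?", @current_user)
    raise SecurityViolation, "#{@action} denied" unless allowed
  end
end

# The pattern: a shared superclass authorizes the loaded record, then hands
# over to the inherited action, so no resource controller can skip the check.
class AuthorizedResourcesController < StubInheritedBase
  def create;  authorize_action_for(build_resource); create!;  end
  def update;  authorize_action_for(resource);       update!;  end
  def destroy; authorize_action_for(resource);       destroy!; end
end
class ProjectsController < AuthorizedResourcesController; end

# Constructed model; in Authority these rules would live in an Authorizer class.
Project = Struct.new(:owner) do
  def creatable_by?(user); !user.nil?; end
  def updatable_by?(user); user == owner; end
  def deletable_by?(user); user == owner; end
end

# Runs one action and reports the outcome plus what was persisted.
def attempt(user, action, record = Project.new("alice"))
  controller = ProjectsController.new(user, record)
  controller.dispatch(action)
  [:allowed, controller.persisted]
rescue SecurityViolation
  [:denied, controller.persisted]
end
```

The check runs before the bang method, so a refused request raises before anything is persisted.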

brendon commented 11 years ago

Thanks Nathan :)

That makes a lot of sense. I guess I could define the base actions with the authority checks in a superclass to abstract them away. It'll probably depend on how he includes them in.

I'm working on rewriting a project with about 25 different 'modules' each with at least one model and usually more, so the code savings are great for me and help increase consistency, though I agree, if it were more than just me working on this rewrite things could get easily confusing :)

Thanks again for taking the time to look into this. I'll let you know how I get on. Right now I'm just tossing up between authority and cancan, though I really dig how simple your concept is, and many of my checks aren't easily translatable into database calls.

On Wed, Apr 10, 2013 at 12:13 AM, Nathan Long notifications@github.com wrote:

@brendon https://github.com/brendon - Thanks!

I haven't used inherited_resources with Authority because I'm not a big fan of it. I appreciate José Valim and love his work on Devise, but I think inherited_resources obfuscates too much. Rails already makes controller code brief; I think it's just confusing if it disappears entirely. But that's my opinion.

That said, looking at the README, he has an example for when "you have to do something special but you don’t want to create a before filter for it". He shows this:

class ProjectsController < InheritedResources::Base
  def create
    @project = Project.new(params[:project])
    @project.something_special!
    create!
  end
end

You could use that strategy to insert a call to authorize_action_for(@project).

If you wanted to get super fancy, you might be able to override his code generation to automatically include that step, but I'm not sure how hard that would be.


nathanl commented 11 years ago

@brendon - cool. Good luck on your project, and let me know if I can answer any other questions!

brendon commented 11 years ago

Thanks Nathan :) Will do :)

On Wed, Apr 10, 2013 at 12:20 PM, Nathan Long notifications@github.com wrote:

@brendon https://github.com/brendon - cool. Good luck on your project, and let me know if I can answer any other questions!
