nathanl / authority

*CURRENTLY UNMAINTAINED*. Authority helps you authorize actions in your Rails app. It's ORM-neutral and has very little fancy syntax; just group your models under one or more Authorizer classes and write plain Ruby methods on them.
MIT License

Authority DSL #44

Closed christhekeele closed 11 years ago

christhekeele commented 11 years ago

What do you think about packaging Authority with a simple little DSL for making long chains of conditionals in Authorizer methods more readable?

As my authorizers have grown more complex, I realized I could re-use the mini DSL from my Strong Parameters Sanitizer classes.

You can find the writeup here.

nathanl commented 11 years ago

I'm super impressed but also torn. On the one hand, the DSL is super cool and could be handy. (I had to go read up on throw and catch in Ruby, so thanks for prompting me to learn something!)

On the other hand, we sort of advertise Authority as "it's low magic, low-DSL, just write plain old Ruby methods!" Clearly using this DSL would be optional, but it would be a thing to learn, and the README is already 4,000 pages long (mostly because I'm obsessive about documentation).

@adamhunter, what do you think? (I'm commenting on the gist, too.)

nathanl commented 11 years ago

Looking further, isn't this:

def self.creatable_by?(user, *args)
  allow do
    when? { super }
    when? { user.has_role?(:member) and not user.shadow_banned? }
    when? { user.anonymous? and not User.banned_ips.include?(user.ip_address) }
  end
end

exactly equivalent to this?

def self.creatable_by?(user, *args)
  return true if super
  return true if user.has_role?(:member) and not user.shadow_banned?
  return true if user.anonymous? and not User.banned_ips.include?(user.ip_address)
  false # optional; letting it return nil would be falsey
end

If so, why do you prefer the DSL?
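To make the equivalence question above concrete, here is an added example (not code from the Authority gem or from the gist being discussed): a minimal `allow` / `when?` DSL built on Ruby's `throw`/`catch`, which is how the comments describe the gist working, though the exact implementation here is my assumption. It sits beside the plain-Ruby version so both can be run over the same inputs and compared. `User`, the authorizer classes and the sample users are all constructed for this example.

```ruby
# Added example: a throw/catch `allow` / `when?` DSL (assumed implementation,
# not the gist's code) beside the plain-method version. Everything below is
# constructed for this example; it is not Authority's own code.

# Constructed stand-in for an application user model.
User = Struct.new(:roles, :shadow_banned, :anonymous, :ip_address, :admin,
                  keyword_init: true) do
  # Constructed block list, standing in for whatever the real app keeps.
  def self.banned_ips
    ["10.0.0.9"]
  end

  def has_role?(role) ; roles.include?(role) ; end
  def shadow_banned?  ; shadow_banned        ; end
  def anonymous?      ; anonymous            ; end
  def admin?          ; admin                ; end
end

# The DSL. `allow` runs its block inside catch(:allowed); the first `when?`
# whose condition is truthy throws :allowed with `true`, which becomes the
# value of `allow`. If nothing fires, the block falls through to `false`, so
# the authorizer method denies by default and never returns nil.
module AllowDsl
  def allow
    catch(:allowed) do
      yield
      false
    end
  end

  def when?
    throw :allowed, true if yield
  end
end

# Constructed parent authorizer whose creatable_by? the subclasses reach via super.
class ResourceAuthorizer
  def self.creatable_by?(user, *_args)
    user.admin?
  end
end

# DSL version of the method from the comment above. `extend` makes `allow` and
# `when?` class methods, and the block is plainly yielded (no instance_eval),
# so `self` is unchanged and `super` still resolves to ResourceAuthorizer.
class DslPostAuthorizer < ResourceAuthorizer
  extend AllowDsl

  def self.creatable_by?(user, *args)
    allow do
      when? { super(user, *args) }
      when? { user.has_role?(:member) and not user.shadow_banned? }
      when? { user.anonymous? and not User.banned_ips.include?(user.ip_address) }
    end
  end
end

# Plain-Ruby version, as written in the comment above.
class PlainPostAuthorizer < ResourceAuthorizer
  def self.creatable_by?(user, *args)
    return true if super
    return true if user.has_role?(:member) and not user.shadow_banned?
    return true if user.anonymous? and not User.banned_ips.include?(user.ip_address)
    false
  end
end

# Constructed users covering each allow branch plus the deny-by-default case.
SAMPLE_USERS = {
  admin:          User.new(roles: [],        shadow_banned: false, anonymous: false, ip_address: "10.0.0.1", admin: true),
  member:         User.new(roles: [:member], shadow_banned: false, anonymous: false, ip_address: "10.0.0.2", admin: false),
  banned_member:  User.new(roles: [:member], shadow_banned: true,  anonymous: false, ip_address: "10.0.0.3", admin: false),
  anon:           User.new(roles: [],        shadow_banned: false, anonymous: true,  ip_address: "10.0.0.4", admin: false),
  anon_banned_ip: User.new(roles: [],        shadow_banned: false, anonymous: true,  ip_address: "10.0.0.9", admin: false),
  nobody:         User.new(roles: [],        shadow_banned: false, anonymous: false, ip_address: "10.0.0.5", admin: false),
}.freeze

# Returns { label => [dsl_result, plain_result] } for every sample user.
def compare_authorizers(users = SAMPLE_USERS)
  users.transform_values do |user|
    [DslPostAuthorizer.creatable_by?(user), PlainPostAuthorizer.creatable_by?(user)]
  end
end

if __FILE__ == $PROGRAM_NAME
  compare_authorizers.each do |label, (dsl, plain)|
    puts format("%-15s dsl=%-5s plain=%-5s %s", label, dsl, plain, dsl == plain ? "same" : "DIFFERENT")
  end
end
```

Both versions short-circuit at the first satisfied condition and deny when none holds, so the sample run reports `same` for every user. The one behavioural difference worth noting is the last line of the plain version: without the explicit `false`, a denied call returns `nil`, which is still falsey for an `if` but prints and serializes differently, whereas the `allow` block always returns a real boolean.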

christhekeele commented 11 years ago

Almost entirely readability. It's very non-essential, but I found it really helped me manage some quite complicated double-tenancy authorization.

It's pretty much entirely a little magic DSL, so I can see it not fitting in well with the spirit of the codebase. But it's also just 6 lines of code, so I figured I'd throw it up for discussion. :)

adamhunter commented 11 years ago

@nathanl left my thoughts on the gist (https://gist.github.com/christhekeele/5816657#comment-848098)

christhekeele commented 11 years ago

It's too small for a gem period... I decided to just refactor the gist to be more copy-paste friendly, so developers can take it or leave it.

nathanl commented 11 years ago

Nice. I added a link to the wiki.