prey / gdpr_rails

Rails Engine for the GDPR compliance
https://preyproject.com
MIT License
626 stars 62 forks source link

current_user when not using Devise #10

Open sapientpants opened 6 years ago

sapientpants commented 6 years ago

Any thoughts as to how current_user should be made available when Devise (and hence its helper that generates current_user) isn't being used?

I'm happy to work on this, but wanted to ask if anyone has an idea for how this should be done.

michelson commented 6 years ago

hello, in fact we do not use devise, however we thought that many integrations of this library would. In general, authentication libraries have a helper method called current_user. therefore it's integration into this library is given by the injection of that helper into policy manager application controller, as it is in the readme example. I think that is the easiest way to integrate it. Do you have any idea on how to make that integration simpler or more elegant? If so, we will glad to discuss it's design

Best!

El lun., 7 de may. de 2018 2:27 p. m., sapientpants < notifications@github.com> escribió:

Any thoughts as to how current_user should be made available when Devise (and hence its helper that generates current_user) isn't being used?

I'm happy to work on this, but wanted to ask if anyone has an idea for how this should be done.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/prey/gdpr_rails/issues/10, or mute the thread https://github.com/notifications/unsubscribe-auth/AAAuyGUuUD-QzDvwYYffP9YRkWSkNMriks5twIQcgaJpZM4T1Vnz .

sapientpants commented 6 years ago

Off the top of my head I can think of two approaches.

  1. Refactor my application to move current_user from my ApplicationController into a concern that can be then included in my ApplicationController and injected into the GDPR one similar to the Devise approach.
  2. Passing a lambda in via the Config object.

I include option 2 for completeness as it seems even less elegant than option 1 which itself is not particularly nice.

It'd be nice if GDPR could just use current_user from my ApplicationController without me having to do anything extra.

viamin commented 6 years ago

This is also a problem for Devise users that use a model other than User for authentication. If you're authenticating a Person, for example, Devise creates current_person instead of current_user.

I've worked around this by creating a controller concern (app/controllers/concerns/auth_helpers.rb):

module AuthHelpers
  extend ActiveSupport::Concern

  def current_user
    current_person # assumes the Devise helpers are also included
  end
end

and I include this in the PolicyManager ApplicationController (in config/initializers/gdpr.rb):

PolicyManager::ApplicationController.send(:include, AuthHelpers)