varvet / pundit

Minimal authorization through OO design and pure Ruby classes
MIT License

Require pundit for queries, preventing accidental data exposure #663

Closed bmulholland closed 2 years ago

bmulholland commented 3 years ago

I'd like some level of backup that data is only ever accessed in an authorized way, probably with a raised exception if I forget to use policy_scope. This gives some level of comfort that data exposure doesn't happen by accident. Is there any way to achieve that?

More specifically, Post.all would throw an error, while policy_scope(Post).all would work fine.

This is in line with the enforcement spelled out in README: Ensuring policies and scopes are used, but it could go further. There's no way to make sure that a scope isn't forgotten in, say, a Sidekiq job.

Is there a way to achieve that? If not, would you consider adding it, or even a PR to do so?

dgmstuart commented 2 years ago

I don't think this is possible in the general case, and I don't think this is a feature we'd want to add to Pundit.

What makes it possible in Rails controllers is that we have access to after_action: if sidekiq (or whatever other case you'd like to have this behaviour) has a similar hook then you could easily implement the same behaviour for that specific case by calling verify_policy_scoped after every job.

Bear in mind that verify_policy_scoped only provides a quite weak protection: all it checks is that policy_scope was called at least once - not that every query included policy_scope.
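The after-job hook described in the reply above, and the weakness it warns about, as an added example (not code from the issue, from Pundit or from Sidekiq). The `policy_scope` / `verify_policy_scoped` pair below is a small constructed stand-in that mirrors how Pundit's helpers track the scoping flag; the `VerifiedJob#run` wrapper, the `POSTS` rows and the three job classes are assumptions made for the demonstration. In a real deployment the wrapper would sit in Sidekiq server middleware and the helpers would be Pundit's own.

```ruby
# Added example: a minimal stand-in for Pundit's policy_scope /
# verify_policy_scoped pair, wrapped around a job so that the check runs
# after every perform, the way after_action does it in a controller.

# Constructed stand-in for the error Pundit raises when the scope was not
# applied (Pundit's real class is Pundit::PolicyScopingNotPerformedError).
class PolicyScopingNotPerformedError < StandardError; end

# Assumption: this mirrors the real helpers closely enough. policy_scope
# records that it was called and narrows the rows to the current user;
# verify_policy_scoped only checks that flag.
module ScopeTracking
  def policy_scope(scope)
    @_policy_scoped = true
    scope.select { |rec| rec[:owner] == current_user }
  end

  def policy_scoped?
    !!@_policy_scoped
  end

  def verify_policy_scoped
    return if policy_scoped?

    raise PolicyScopingNotPerformedError, "#{self.class.name} did not call policy_scope"
  end
end

# Constructed "table": each hash is one Post row owned by a user.
POSTS = [
  { id: 1, owner: "alice", title: "alice's draft" },
  { id: 2, owner: "bob",   title: "bob's draft" }
].freeze

# Base job: the hook the reply describes. Every subclass's perform runs,
# then verify_policy_scoped fires, equivalent to a controller after_action.
class VerifiedJob
  include ScopeTracking
  attr_reader :current_user

  def initialize(current_user)
    @current_user = current_user
  end

  def run(*args)
    result = perform(*args)
    verify_policy_scoped
    result
  end
end

# A job that forgets the scope entirely: the after-job check catches it.
class UnscopedExportJob < VerifiedJob
  def perform
    POSTS.map { |p| p[:title] }
  end
end

# A job that scopes its query: the check passes and only the caller's
# rows are returned.
class ScopedExportJob < VerifiedJob
  def perform
    policy_scope(POSTS).map { |p| p[:title] }
  end
end

# The weakness named in the reply: a single policy_scope call satisfies
# the check, while the second, unscoped query still returns every row.
class PartiallyScopedExportJob < VerifiedJob
  def perform
    policy_scope(POSTS)          # sets the flag, result discarded
    POSTS.map { |p| p[:title] }  # unscoped; verify_policy_scoped cannot see it
  end
end

# Runs a job for a user and returns either its result or the raised error.
def run_job(job_class, user)
  job_class.new(user).run
rescue PolicyScopingNotPerformedError => e
  e
end

if __FILE__ == $PROGRAM_NAME
  p run_job(UnscopedExportJob, "alice")         # PolicyScopingNotPerformedError
  p run_job(ScopedExportJob, "alice")           # ["alice's draft"]
  p run_job(PartiallyScopedExportJob, "alice")  # both titles, check still passes
end
```

The third job is the case to keep in mind when relying on this hook: the check is a smoke test that the developer remembered scoping at all, not a guarantee that every query in the job went through it. Reviewing jobs for raw model queries, or routing all reads through a single scoped accessor, is what closes that gap.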