varvet / pundit

Minimal authorization through OO design and pure Ruby classes
MIT License

Question: Roles & Pundit, knowing all permission space? #692

Closed nitsujri closed 2 years ago

nitsujri commented 2 years ago

Question

My question is: As a role manager, how do I know what permissions/abilities are available to pick from to give to the role? Ideally, I could "pick from" a list of all possible permissions, but I don't fully understand how to get at "all possible permissions".

What's the standard way of handling this?

Background

Our little admin area is growing and we're currently effectively defining roles inside our policies:

class SensitiveDashboardPolicy
  def index?
    @user.auditor?
  end
end

But of course, as multiple roles gain access to the same object in a Mickey Mouse Venn diagram, it becomes more ideal to assign roles the permissions at the DB level than manually defining which roles have which permissions:

class SensitiveDashboardPolicy
  def index?
    @user.has_permission?('view_sensitive_dashboard') # @user has a `sensitive_dashboard` role which has `view_sensitive_dashboard` permission.
  end
end

Apologies if this isn't the right way to go about asking this question.

dgmstuart commented 2 years ago

Thanks for the question. This isn't something which Pundit can help with: we don't have a concept of user roles. There are other libraries which can probably be used in addition to Pundit which might be able to give you the functionality you're looking for. Here's a good place to start looking: https://www.ruby-toolbox.com/search?q=roles
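
One way to derive the list asked about in this thread, as an added example that is not part of the thread and not Pundit's own code: plain Ruby policy classes register themselves, and each public `?` method becomes one permission name. The `resource.action` naming, `ApplicationPolicy.registry`, `permitted?`, `all_permissions`, `unknown_grants`, `ReportPolicy` and the `User` struct are assumptions made for illustration.

```ruby
# Hypothetical base class (no Pundit dependency) that registers each policy subclass.
class ApplicationPolicy
  @registry = []
  class << self
    attr_reader :registry
    def inherited(subclass)
      super
      ApplicationPolicy.registry << subclass
    end
    # "SensitiveDashboardPolicy" -> "sensitive_dashboard"
    def resource_name
      name.sub(/Policy\z/, "").gsub(/([a-z\d])([A-Z])/, '\1_\2').downcase
    end
    # One permission name per query method defined on this policy.
    def permissions
      public_instance_methods(false).grep(/\?\z/).sort
        .map { |m| "#{resource_name}.#{m.to_s.chomp('?')}" }
    end
  end

  def initialize(user, record = nil)
    @user, @record = user, record
  end

  private
  # Deny unless one of the user's roles grants "<resource>.<action>".
  def permitted?(action)
    @user.has_permission?("#{self.class.resource_name}.#{action}")
  end
end

class SensitiveDashboardPolicy < ApplicationPolicy
  def index?; permitted?(:index); end
end
class ReportPolicy < ApplicationPolicy # constructed second policy
  def show?; permitted?(:show); end
  def export?; permitted?(:export); end
end
# Constructed user; has_permission? is the method named in the issue.
User = Struct.new(:permissions) do
  def has_permission?(name); permissions.include?(name); end
end

# Full list a role manager can pick from, derived from the policy classes.
def all_permissions
  ApplicationPolicy.registry.flat_map(&:permissions).sort
end
# Stored grants that match no policy method (typos, removed actions).
def unknown_grants(granted); granted - all_permissions; end
```

In a Rails app the registry only contains policy classes that have already been loaded, so eager-load the policies directory before building the list. Running `unknown_grants` over the grants stored in the database flags entries that no longer correspond to any policy method.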