Strip namespace when using `policy_class`

varvet / pundit

Minimal authorization through OO design and pure Ruby classes

MIT License

8.24k stars 627 forks source link

Strip namespace when using `policy_class` #697

Closed Burgestrand closed 2 years ago

Burgestrand commented 2 years ago

Closes #689 Closes #694 Closes #666

Using policy_class and namespacing are two different ways of doing the same thing (specifying which policy to use). When both are given, we ignore the namespacing and rely on policy class since it's more specific — when we do so, we need to strip the namespace when passing the record to the policy class.

This is a refactor of #694.

TODO:

[x] Update the changelog.

sedubois commented 2 years ago

NB: I used to override def policy(record) (to add a namespace to the records and thus load namespaced policies when in an admin context) but that method is not called by def authorize any more, so it makes the overriding more difficult. Now I have to override both def pundit and def authorize.

dgmstuart commented 2 years ago

@sedubois have you tried the suggestion laid out in https://github.com/varvet/pundit#policy-namespacing?

If it doesn't work, please raise an issue.