Open MyklClason opened 2 years ago
Hi - you say you have a solution, but I don't think I understand what that solution you're suggesting is?
Overriding calls to `Record.all` feels both unnecessarily intrusive (it would require monkeypatching `ActiveRecord`?) and also insufficient (e.g. calls to `Record.where(...)` would not be covered).
Using global state is also not something we'd be keen to do.
In general I think this feature is not possible: you're never going to be able to lock down all database queries because Ruby is just too dynamic and Rails provides so many different ways to access the database: there will always be some workaround which will slip through.
If you really need more strict locking down of access like this, then I'm afraid Ruby and Rails are probably not good tools for achieving that.
But in any case, I think it's a mistake to think of `verify_policy_scoped` and `verify_authorized_features` as a way to systematically ensure that Pundit is applied everywhere: as the documentation hopefully makes clear, they're just intended to be a reminder to the developer to prevent accidentally forgetting to add any scoping/authorizing.
Perhaps we need to make that clearer in the documentation: you're not the first person to try to use these methods in the way you're describing.
Have similar issue as this one, but have a solution in mind: https://github.com/varvet/pundit/issues/663
The issue is to be explicit and potentially excessive. Though we can make use of lazy query logic to prevent doing too much work: Basically given this:
We want it to raise an error unless it has something like one of these two:
This might be as simple as policy_scope setting a "pundit_policy_scoped" flag on `Record.all` (or worst case, a global/instance variable or just using the cache) and `to_sql` (or another method that is called when actually sending the query to the database) raising an error if the flag isn't set. We can skip doing both unless `policy_scope` is defined.
Even if it's not an official solution, it would be good to have a code example that allows for it.
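
The reply's point that a per-request "scoped" flag works as a reminder rather than as enforcement, shown as an added example that is not part of this thread or of Pundit's code. `ToyController`, `Record`, the error class and the sample rows are stand-ins constructed here, and the flag mechanism is assumed to work the way the issue describes.

```ruby
# Stand-ins written for this example; none of this is Pundit or Rails code.
class PolicyScopingNotPerformedError < StandardError; end

# Constructed sample rows belonging to two different users.
RECORDS = [
  { id: 1, owner: "alice" }, { id: 2, owner: "bob" }, { id: 3, owner: "alice" }
].freeze

# Toy model: both query methods know nothing about the current user.
class Record
  def self.all
    RECORDS
  end

  def self.where(owner:)
    RECORDS.select { |r| r[:owner] == owner }
  end
end

# Toy controller: policy_scope sets a flag, the after-action check reads it.
class ToyController
  def initialize(user)
    @user = user
    @policy_scoped = false
  end

  def policy_scope(rows)
    @policy_scoped = true
    rows.select { |r| r[:owner] == @user }
  end

  # Runs the action body, then the check, like an after_action hook.
  def run
    result = yield self
    raise PolicyScopingNotPerformedError unless @policy_scoped
    result
  end
end

# Scoping forgotten entirely: the check catches it.
def forgotten_action(user) = ToyController.new(user).run { |_c| Record.all }

# Scoping applied: only the user's own rows come back.
def scoped_action(user) = ToyController.new(user).run { |c| c.policy_scope(Record.all) }

# One scoped call sets the flag; a second, unscoped query still passes the check.
def mixed_action(user)
  ToyController.new(user).run { |c| c.policy_scope(Record.all); Record.where(owner: "bob") }
end
```

The third action is the case to look for in code review: the check passes because the flag was set once, so every other query in the action still has to be read by hand.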