varvet / pundit

Minimal authorization through OO design and pure Ruby classes
MIT License

authorize went from using policy to policy! in #697 #730

Closed Burgestrand closed 2 years ago

Burgestrand commented 2 years ago

This appears to be a breaking change, and I'm curious whether or not that was intentional. Our code uses the `authorize(record)` method below which used to find the `policy_class` with `policy` but this now uses `policy!` in that situation.

Can you please verify that you meant to force a more explicit definition of `policy_class`? Thanks!

_Originally posted by @adherr in https://github.com/varvet/pundit/pull/697#discussion_r835656389_

dgmstuart commented 2 years ago

I think I'm missing something: wasn't this a bugfix?

In the previous implementation, we were effectively doing `policy = policy(record)` and then calling `policy.public_send(query)`.

The issue with that is that `policy(record)` returns `nil` in the situation where there's no policy class corresponding to the record, so we'd get e.g. `NoMethodError: index? is not defined on nil`?

@adherr What's the behaviour from the previous implementation that you're relying on?

Burgestrand commented 2 years ago

Good point! I missed that. I'll close this in the interim and we'll reopen it when there's new information.
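
The difference dgmstuart describes, as an added example that is not part of the thread and not Pundit's source: a simplified stand-in (the `AuthzSketch` module, its classes and its method names are constructed for illustration) comparing authorization built on a nil-returning lookup with authorization built on a raising lookup.

```ruby
# Simplified stand-in for the lookup behaviour discussed in this thread.
# Not Pundit's source: every module, class and method name here is constructed.
module AuthzSketch
  class NotDefinedError < StandardError; end
  class NotAuthorizedError < StandardError; end

  # Constructed sample records; Report deliberately has no policy class.
  Post = Struct.new(:title)
  Report = Struct.new(:title)

  class PostPolicy
    def initialize(user, record)
      @user, @record = user, record
    end

    def index?
      @user == :admin
    end
  end

  POLICIES = { Post => PostPolicy }.freeze

  # Nil-returning lookup, like policy(record) as described in the thread.
  def self.policy(user, record)
    POLICIES[record.class]&.new(user, record)
  end

  # Raising lookup, like policy!(record): a missing policy is its own error.
  def self.policy!(user, record)
    policy(user, record) ||
      raise(NotDefinedError, "unable to find policy for #{record.class}")
  end

  # Authorization on top of the nil-returning lookup (the earlier shape).
  def self.authorize_with_policy(user, record, query)
    allowed = policy(user, record).public_send(query)
    raise NotAuthorizedError, "not allowed to #{query}" unless allowed
    record
  end

  # Authorization on top of the raising lookup (the later shape).
  def self.authorize_with_policy!(user, record, query)
    allowed = policy!(user, record).public_send(query)
    raise NotAuthorizedError, "not allowed to #{query}" unless allowed
    record
  end
end
```

For a record with no policy class, both variants refuse the action; the first surfaces as a `NoMethodError` on `nil`, the second as a dedicated error that a caller can rescue and log separately from an ordinary bug.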