ยซ Changelog History


Action Policy v0.3.0 Release Notes

Release Date: 2019-04-02 // about 5 years ago
    • โž• Added ActiveSupport-based instrumentation. ([@palkan][])

    ๐Ÿ‘€ See PR#4

    • ๐Ÿ‘ Allow passing authorization context explicitly. ([@palkan][])

    Closes #3.

    Now it's possible to override implicit authorization context via context option:

    authorize! target, to: :show?, context: {user: another_user}
authorized_scope User.all, context: {user: another_user}
    • ๐Ÿ“‡ Renamed #authorized to #authorized_scope. ([@palkan][])

    NOTE: #authorized alias is also available.

    • โž• Added Policy#pp(rule) method to print annotated rule source code. ([@palkan][])

    Example (debugging):

    def edit?
  binding.pry # rubocop:disable Lint/Debugger
  (user.name == "John") && (admin? || access_feed?)
end

    pry> pp :edit?
MyPolicy#edit?
โ†ณ (
    user.name == "John" #=> false
  )
  AND
  (
    admin? #=> false
    OR
    access_feed? #=> true
  )
)

    ๐Ÿ‘€ See PR#63

    • โž• Added ability to provide additional failure reasons details. ([@palkan][])

    Example:

    class ApplicantPolicy < ApplicationPolicy
  def show?
    allowed_to?(:show?, object.stage)
  end
end

class StagePolicy < ApplicationPolicy
  def show?
    # Add stage title to the failure reason (if any)
    # (could be used by client to show more descriptive message)
    details[:title] = record.title
    # then perform the checks
    user.stages.where(id: record.id).exists?
  end
end