Comments (4)
palkan
commented on September 28, 2024
the authorisation context doesn't get passed to the other policy (at least that's how it behaves)
Could you please provide an example?
Authorization contexts is passed to nested policies (see this test bacaa99).
from action_policy.
brendon
commented on September 28, 2024
In this example: https://actionpolicy.evilmartians.io/#/writing_policies?id=calling-other-policies
Say the PostPolicy required an extra bit of context, and I supplied it in the current controller. The CommentPolicy can have access to that context (but doesn't need it), but when we call allowed_to? on the PostPolicy the context is lost. At least it seems that way from my testing.
Let me know if that makes sense. If not I can put together a code example.
from action_policy.
palkan
commented on September 28, 2024
but when we call allowed_to? on the PostPolicy the context is lost
Hm, in that case an exception is raised (AuthorizationContextMissing); unless you specified allow_nil: true.
Could you share your policy classes? Or propose a PR with the failing test
from action_policy.
brendon
commented on September 28, 2024
Thanks @palkan. I've made a failing test case PR: #37
Hope it makes sense :)
from action_policy.
Related Issues (20)
- Unknown policy scope type :active_record_relation HOT 3
- Policy-generator not working with Ruby 3.2 HOT 1
- uninitialized constant ActionController::Parameters HOT 4
- I18n does not seem to work with I18n Active Record HOT 1
- How Do I Test Resource-less Authorize? HOT 1
- Add --parent option to policy generator HOT 2
- Update a documentation about #be_an_alias_of matcher HOT 2
- Documentation Contrast HOT 3
- Can't alias `create?` to `manage?` HOT 1
- Cannot use `controller_authorize_current_user` with `ActionPolicy::Base` HOT 1
- Rspec fails with v0.6.6 when `eager_load` is set to `true` HOT 13
- 0.6.7 breaks wrap_parameters HOT 3
- Policy lookup for authorized_scope returns default policy instead of using implicit authorization target HOT 3
- Add `with_context` qualifier to `have_authorized_scope` matcher. HOT 1
- Allow using callable objects as scopes HOT 1
- Migrate pretty print to Prism
- Allow to reset authorization context HOT 7
- Error using callable Class as relation_scope HOT 8
- How to test pre_checks HOT 2
- Improve "Not Authorized" exception message HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from action_policy.