Project

grabli

0.0
No commit activity in last 3 years
No release in over 3 years
Grab permissions from your Pundit policies
 Dependencies

Development

~> 1.16
~> 10.0
~> 3.0

Runtime

 Project Readme

Grabli

Hola ✌️

The very specific goal of this gem is to extract Pundit policy permissions into something serializable... like a Ruby array! Why do you need that? To tell the front-end application or API consumer what you think of the current user, hehe 😏 As a bonus, I find it easier to write unit tests for policies. That said, depending on a third-party gem for unit tests, even one as awesome as this, may be undesirable.

Usage

With a given CompanyPolicy you can do:

require 'grabli'

Grabli.new.collect(@user, @company)
# => [:create?, :update?]

Grabli.new.collect(@user, :company)
# => [:create?]

Let's say your app has a public REST API. It may look like:

require 'grabli'

class Api::UsersController < ApplicationController
  def show
    @user = User.find(params[:id])
    authorize @user

    permissions = Grabli.new.collect(current_user, @user)

    render json: { user: @user.to_hash, permissions: permissions }
  end
end

You can then create a helper and use it across your app, for example:

# /app/controllers/application_controller.rb
require 'grabli'

class ApplicationController
  def collect_permissions_for(subject)
    Grabli.new.collect(current_user, subject)
  end
end


# /app/controllers/api/users_controller.rb
class Api::UsersController < ApplicationController
  def show
    @user = User.find(params[:id])
    authorize @user

    render json: { user: @user.to_hash, permissions: collect_permissions_for(@user) }
  end
end

Namespaced policies

If you have namespaced policies, something like:

class User
  class PetPolicy < ApplicationPolicy
    def feed?
      true
    end
  end
end

You can specify the namespace by passing it to #new:

Grabli.new(namespace: User).collect(@current_user, @pet)

Permissions lookup

While fetching permissions, Grabli looks for public instance methods defined on the particular policy class. This means Grabli will ignore inherited and private permissions. It will also ignore all permitted_attributes methods on your policy.

Further plans

  1. Improve cases when subject is a Symbol

Since a Pundit policy doesn't limit the subject type, it can be anything, even a Symbol.

Make Intruder a slightly more clever proxy object that delegates to the subject and intercepts NoMethodError for cases where a Symbol subject means "no subject".

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/dikond/grabli.