Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Enable Pundit authorization with namespaced decorators#7934

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Open
rogerkk wants to merge1 commit intoactiveadmin:master
base:master
Choose a base branch
Loading
fromrogerkk:master

Conversation

@rogerkk
Copy link
Contributor

@rogerkkrogerkk commentedApr 24, 2023
edited
Loading

I guess the testing could do with some love, and perhaps we should add tests for both namespaced and non-namespaced decorators. Am I on the right track here?

What

When retrieving auth policies and the subject is wrapped in a namespaced decorator, Pundit is not able to find the policy. My original issue with full description and code to reproduce is in issue#7933.

How

This fix makes use ofResourceController::Decorators.undecorate to undecorate the target before asking pundit to fetch the policy.

It does this inPunditAdaper#policy_target, so as to have the fix affectPunditAdapter#retrieve_policy which in turn is used byPunditAdapter#authorized.

Unless I'm missing something the remaining public methods are not affected by the issue at hand.

Fixes#7933

@codecov
Copy link

codecovbot commentedApr 24, 2023
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 99.11%. Comparing base(ab49cb8) to head(3c5c9b5).

Additional details and impacted files
@@           Coverage Diff           @@##           master    #7934   +/-   ##=======================================  Coverage   99.11%   99.11%           =======================================  Files         141      141             Lines        4073     4075    +2     =======================================+ Hits         4037     4039    +2  Misses         36       36

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report?Share it here.

@lukeasrodgers
Copy link

fwiw@rogerkk this would fix a similar issue I'm having with theCanCanAdapter, have been working around it by implementing customauthorized? logic that usessubject.try(:decorated?) but I think usingundecorate is better

@rogerkk
Copy link
ContributorAuthor

@lukeasrodgers Ah, thanks for the verification!

If you want to have a stab at making codecov happy, I'll be happy to share the glory ;) If not I'll see if I can set off some time do it and see if it's possible to get the attention of a maintainer.

@rogerkkrogerkk marked this pull request as ready for reviewJuly 27, 2023 10:17
@rogerkk
Copy link
ContributorAuthor

rogerkk commentedJul 27, 2023
edited
Loading

Changing state of this PR from a draft, in the hopes of attracting maintainer attention. 😅

Is there any interest in getting this into master? If so then I can put a little effort into improving the tests, rebasing and all that jazz.

@rogerkkrogerkk changed the titleMake sure Pundit auth policy target is undecoratedEnable Pundit authorization with namespaced decoratorsOct 11, 2023
@rogerkkrogerkk reopened thisJan 11, 2024
@rogerkk
Copy link
ContributorAuthor

rogerkk commentedJan 11, 2024
edited
Loading

Still eager to get a fix for this intomaster

Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Authorization fails with Admin namespaced decorator

2 participants

@rogerkk@lukeasrodgers
[8]ページ先頭
©2009-2025 Movatter.jp