How we currently authorise our Trailblazer operations (pre policy support)
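class Thing::Create < Trailblazer::Operation
  def process(params)
    validate(params[:referral]) do
      # Second check, made only once the form is valid and just before persisting.
      authorize(params, model, :create?)
      form.save
    end
  end

  def setup_model!(params)
    # First check, made as soon as the model exists.
    authorize params, model, :new? # Wouldn't be required for run, but no harm in doing it twice
  end

  # Raises Pundit::NotAuthorizedError unless the record's policy answers true to `query`.
  def authorize(params, record, query=nil)
    # With no explicit query, the policy method name is derived from params[:action].
    query ||= params[:action].to_s + "?"
    # Pundit.policy returns nil when no policy class exists for the record, which
    # surfaces below as a NoMethodError rather than a NotAuthorizedError.
    policy = Pundit.policy(params[:user_context], record)
    raise Pundit::NotAuthorizedError.new(query: query, record: record, policy: policy) unless policy.public_send(query)
  end
end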

apotonick commented Sep 15, 2015

Yeah! That is identical to my implementation! 😄 https://github.com/apotonick/trailblazer/blob/master/lib/trailblazer/operation/policy.rb#L34

I love how you split your authentication into different steps. That was one of my main intentions when introducing the operation-wide policy object. It'll be cool to have that policy instance in forms, too, etc. Pretty sure a few more standards/conventions will evolve here shortly.
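
A self-contained sketch of the gist's two-step check, added here as an example and not the gist author's or Trailblazer's code. `NotAuthorizedError`, `User`, `Thing`, `ThingPolicy`, `create_thing` and `denied?` are hypothetical stand-ins so it runs without the pundit and trailblazer gems, and the guard that limits `query` to the policy's own predicates is an addition the gist does not have.

```ruby
# Stand-ins so the sketch runs without the pundit or trailblazer gems.
class NotAuthorizedError < StandardError; end # plays Pundit::NotAuthorizedError
User  = Struct.new(:name, :admin)
Thing = Struct.new(:title, :saved)

# Hypothetical policy in Pundit's shape: (user, record) plus predicate methods.
class ThingPolicy
  def initialize(user, record)
    @user = user
    @record = record
  end

  # Any signed-in user may open the form.
  def new?
    !@user.nil?
  end

  # Only admins may persist the record.
  def create?
    !!(@user && @user.admin)
  end
end

# Same contract as the gist's helper plus one added guard: the query must be a
# predicate the policy hierarchy declares, not one every Object inherits
# (nil?, frozen?, respond_to?, or predicates added by core extensions).
def authorize(params, record, query = nil)
  query ||= params[:action].to_s + "?"
  policy = ThingPolicy.new(params[:user_context], record) # plays Pundit.policy
  own = policy.class.public_instance_methods - Object.public_instance_methods
  ok = own.include?(query.to_sym) && policy.public_send(query)
  raise NotAuthorizedError, "not allowed to #{query}" unless ok
  true
end

# Mirrors the operation: :new? when the model is set up, :create? before saving.
def create_thing(params)
  thing = Thing.new(params[:title], false)
  authorize(params, thing, :new?)
  authorize(params, thing, :create?)
  thing.saved = true
  thing
end

# True when authorize refuses, false when it lets the call through.
def denied?(params, record = Thing.new("x", false), query = nil)
  authorize(params, record, query)
  false
rescue NotAuthorizedError
  true
end
```

Without the guard, a query name that is not a policy predicate ends in an `ArgumentError` or `NoMethodError` from `public_send`; with it, every refusal is the same authorization error that callers already rescue.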
