Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Intersection use case - authorize a user who has an allowed role/ability
class PaymentsController < AuthenticatedController
before_action { authorize!(roles: [:superuser], abilities: [:charge_user, :manage_payments]) }
class AuthenticatedController < ApplicationController
def authorize!(roles: [], abilities: [])
# current
(roles & current_user.roles).any? || (abilities & current_user.abilities).any?
# desired
roles.intersect?(current_user.roles) || abilities.intersect?(current_user.abilities)

This comment has been minimized.

Copy link
Owner Author

@travisofthenorth travisofthenorth commented Oct 7, 2018

The current behavior creates an intermediate array for both intersection tests when the resulting array is clearly not needed.

With the desired behavior, we could avoid creating the intermediate array and produce a faster best case runtime.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment