Enable Pundit authorization with namespaced decorators #7934
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #7934 +/- ##
=======================================
Coverage 99.10% 99.10%
=======================================
Files 140 140
Lines 4017 4019 +2
=======================================
+ Hits 3981 3983 +2
Misses 36 36 ☔ View full report in Codecov by Sentry. |
|
fwiw @rogerkk this would fix a similar issue I'm having with the |
|
@lukeasrodgers Ah, thanks for the verification! If you want to have a stab at making codecov happy, I'll be happy to share the glory ;) If not I'll see if I can set off some time do it and see if it's possible to get the attention of a maintainer. |
|
Changing state of this PR from a draft, in the hopes of attracting maintainer attention. 😅 Is there any interest in getting this into master? If so then I can put a little effort into improving the tests, rebasing and all that jazz. |
rogerkk
changed the title
|
Still eager to get a fix for this into |
I guess the testing could do with some love, and perhaps we should add tests for both namespaced and non-namespaced decorators. Am I on the right track here?
What
When retrieving auth policies and the subject is wrapped in a namespaced decorator, Pundit is not able to find the policy. My original issue with full description and code to reproduce is in issue #7933.
How
This fix makes use of
ResourceController::Decorators.undecorateto undecorate the target before asking pundit to fetch the policy.It does this in
PunditAdaper#policy_target, so as to have the fix affectPunditAdapter#retrieve_policywhich in turn is used byPunditAdapter#authorized.Unless I'm missing something the remaining public methods are not affected by the issue at hand.
Fixes #7933