New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable Pundit authorization with namespaced decorators #7934
base: master
Are you sure you want to change the base?
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #7934 +/- ##
=======================================
Coverage 99.10% 99.10%
=======================================
Files 140 140
Lines 4017 4019 +2
=======================================
+ Hits 3981 3983 +2
Misses 36 36 ☔ View full report in Codecov by Sentry. |
fwiw @rogerkk this would fix a similar issue I'm having with the |
@lukeasrodgers Ah, thanks for the verification! If you want to have a stab at making codecov happy, I'll be happy to share the glory ;) If not I'll see if I can set off some time do it and see if it's possible to get the attention of a maintainer. |
Changing state of this PR from a draft, in the hopes of attracting maintainer attention. 😅 Is there any interest in getting this into master? If so then I can put a little effort into improving the tests, rebasing and all that jazz. |
Still eager to get a fix for this into |
I guess the testing could do with some love, and perhaps we should add tests for both namespaced and non-namespaced decorators. Am I on the right track here?
What
When retrieving auth policies and the subject is wrapped in a namespaced decorator, Pundit is not able to find the policy. My original issue with full description and code to reproduce is in issue #7933.
How
This fix makes use of
ResourceController::Decorators.undecorate
to undecorate the target before asking pundit to fetch the policy.It does this in
PunditAdaper#policy_target
, so as to have the fix affectPunditAdapter#retrieve_policy
which in turn is used byPunditAdapter#authorized
.Unless I'm missing something the remaining public methods are not affected by the issue at hand.
Fixes #7933