This means that you define what the user can do, which results in clean, readable policies regardless of application complexity. You don't have to worry about juggling cans and cannots in a very convoluted way!
Based on the README, my understanding is that access to controller actions should raise an error if not specified in access_policy.rb. That doesn't seem to be the case in my example. I am setting current_user when User has not logged in yet and assigning a role = 'locked'.
Based on access_policy.rb, a user with a role of 'locked' should only be able to read from one specific action. However, in my example the user is allowed to perform any action. It appears that the application_policy is not being applied to this new user; not sure why.
Yes, I am specifying authorize! in each controller action.
```ruby
class AccessPolicy
  include AccessGranted::Policy

  def configure
    role :superhero do
      can :manage, Company
      can :index, Company
      can :manage, Event
    end

    role :admin do
      can :manage, User
      can :manage, App
      can :manage, Event
    end

    role :member do
      can :index, App
      can :index, User
      can :index, Event
    end

    role :locked do
      can :read, @page
    end
  end
end
```
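An added example, not part of the original issue and not the access-granted project's code: a stand-alone model of role matching that shows how a policy shaped like the one posted behaves for a 'locked' user, next to a version where each role carries a condition. It assumes that a role declared without a condition applies to every user and that ungranted actions are denied; the helper names, the `User` struct and the symbol subjects are hypothetical.

```ruby
# Stand-alone model of role matching; constructed for illustration, not the gem's code.
# Assumption: a role with no condition applies to every user, and any
# action not granted by an applicable role is denied.
User = Struct.new(:role)
AccessDenied = Class.new(StandardError)

# condition is nil (everyone), a Hash of attribute => value, or a Proc.
def applies?(condition, user)
  case condition
  when Hash then condition.all? { |attr, value| user.public_send(attr) == value }
  when Proc then condition.call(user)
  else true # no condition: the role matches every user
  end
end

# True if any role that applies to the user grants the action on the subject.
def can?(roles, user, action, subject)
  roles.any? do |r|
    applies?(r[:condition], user) && r[:can].include?([action, subject])
  end
end

# Deny by default: raise unless an applicable role grants the action.
def authorize!(roles, user, action, subject)
  return subject if can?(roles, user, action, subject)
  raise AccessDenied, "#{user.role} may not #{action} #{subject}"
end

# Same shape as the posted policy: no role carries a condition.
AS_POSTED = [
  { name: :admin,  condition: nil, can: [[:manage, :User], [:manage, :Event]] },
  { name: :member, condition: nil, can: [[:index, :App]] },
  { name: :locked, condition: nil, can: [[:read, :Page]] }
].freeze

# Each role is tied to the user's role attribute (constructed values).
WITH_CONDITIONS = [
  { name: :admin,  condition: { role: 'admin' }, can: [[:manage, :User], [:manage, :Event]] },
  { name: :member, condition: proc { |u| u.role == 'member' }, can: [[:index, :App]] },
  { name: :locked, condition: { role: 'locked' }, can: [[:read, :Page]] }
].freeze

locked = User.new('locked')
puts can?(AS_POSTED, locked, :manage, :User)       # admin role matches everyone
puts can?(WITH_CONDITIONS, locked, :manage, :User) # only the locked role matches
```

In access-granted itself, a condition is passed as the second argument to `role`, as a hash of user attributes or a proc taking the user.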