policy_class and policy usage

[mattzollinhofer]

Basic Issue

If I use a custom policy for authorization (ex: authorize @post, policy_class: SpecialPostPolicy) in my controller how do I use policy(@post) to get the same policy in my view? Here's an example.

Simple Use Case

Controller:

def show
  @user = authorize User.find(params[:id]), policy_class: SpecialPostPolicy
end

View:

<%# This won't use `SpecialPostPolicy`, it'll use `PostPolicy` %>
<% if policy(@post).update? %>
  <%= link_to "Edit post", edit_post_path(@post) %>
<% end %>

Additional Commentary

I believe that in a previous version of Pundit the authorize call would call the policy method that was mixed into the controller it was working in the context of. But when authorization was extracted, I think that link was broken. We'd used that "seam" to be able to override def policy in our controller which allowed both the authorize call and the view to use the same policy. It's unclear to me how to use the same custom policy now. I believe this comment is referring to a related idea.

[Burgestrand]

Hi @mattzollinhofer! I'd be interested in hearing your reaction to the following idea: #774

[sequielo]

I believe you should be able to manually instantiate the policy this way:

  <% if SpecialPostPolicy.new(pundit_user, @post).update? %>

Hope this helps for now.