jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

policies: remove current request from context.

Browse Source 
This refactors Pundit policies to only rely on the current user, not on
the current user and the current HTTP request. In retrospect, it was a
bad idea to include the current request in the Pundit context. It bleeds
out everywhere and there are many contexts (in tests and models) where
we only have the current user, not the current request. The previous
commit got rid of the only two places where we used it.
This commit is contained in:
evazion
2021-01-17 00:41:09 -06:00
parent 6671711784
commit 054ac51d47
13 changed files with 24 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/models/application_record.rb
View File

@@ -57,13 +57,13 @@ class ApplicationRecord < ActiveRecord::Base
# XXX deprecated, shouldn't expose this as an instance method.
def api_attributes(user: CurrentUser.user)
policy = Pundit.policy([user, nil], self) || ApplicationPolicy.new([user, nil], self)
policy = Pundit.policy(user, self) || ApplicationPolicy.new(user, self)
policy.api_attributes
end
# XXX deprecated, shouldn't expose this as an instance method.
def html_data_attributes(user: CurrentUser.user)
policy = Pundit.policy([user, nil], self) || ApplicationPolicy.new([user, nil], self)
policy = Pundit.policy(user, self) || ApplicationPolicy.new(user, self)
policy.html_data_attributes
end