jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

policies: remove current request from context.

Browse Source 
This refactors Pundit policies to only rely on the current user, not on
the current user and the current HTTP request. In retrospect, it was a
bad idea to include the current request in the Pundit context. It bleeds
out everywhere and there are many contexts (in tests and models) where
we only have the current user, not the current request. The previous
commit got rid of the only two places where we used it.
This commit is contained in:
evazion
2021-01-17 00:41:09 -06:00
parent 6671711784
commit 054ac51d47
13 changed files with 24 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/policies/application_policy.rb
View File

@@ -1,8 +1,8 @@
class ApplicationPolicy
attr_reader :user, :request, :record
attr_reader :user, :record
def initialize(context, record)
@user, @request = context
def initialize(user, record)
@user = user
@record = record
end
@@ -43,7 +43,7 @@ class ApplicationPolicy
end
def policy(object)
Pundit.policy!([user, request], object)
Pundit.policy!(user, object)
end
def permitted_attributes
@@ -68,6 +68,7 @@ class ApplicationPolicy
# The list of attributes that are permitted to be returned by the API.
def api_attributes
# XXX allow inet
record.class.attribute_types.reject { |name, attr| attr.type.in?([:inet, :tsvector]) }.keys.map(&:to_sym)
end