Scope support

[palkan]

Provide ability to scope relations (e.g. ActiveRecord).

Defining scopes

class UserPolicy < ApplicationPolicy
   # use DSL for defining scopes
   # default scope
   scope do
     # this block is executed within a policy object,
     # so all the methods are available (e.g. authorization contexts)
     # `relation` is a passed to a helper object
     relation.joins(:accesses).where(accesses: { user_id: user.id })
   end

   # named scop
   scope :own do
     relation.where(user_id: user.id)
   end
end

Applying scopes

def index
  @posts = scoped(Post.all)
   
  # or
  
  @posts = scoped(Post.all, :own)
end

To discuss

• Is relation a good name for a passed scope within a policy?

• Is scoped a good name for a helper? I don't like Pundit's policy_scope, it's too verbose and doesn't sound like English, IMO.

[spdawson]

Is relation a good name for a passed scope within a policy?

👍

Is scoped a good name for a helper? I don't like Pundit's policy_scope, it's too verbose and doesn't sound like English, IMO.

Agree that policy_scope is not a very natural construction, but wonder if scoped is too "generic" sounding — it doesn't seem obvious enough that this is authorization-related... Maybe something like authorize_scope?

[palkan]

Maybe something like authorize_scope?

Hm, what about authorized_scope?

[spdawson]

authorized_scope?

I like this 👍

[aganov]

Is relation a good name for a passed scope within a policy?

👍

Is scoped a good name for a helper?

I like scoped more than authorized_scope, its shorter and easily rememberable. Or maybe just authorized(Post.all). I hope that you'll stick with one word...

[palkan]

Or maybe just authorized(Post.all). I hope that you'll will stick with one word...

Yep, I'm also for one word.

authorized makes sense; we can re-use it later for something else, e.g. for strong params:

def post_params
  authorized(params.require[:post])
end

[palkan]

This is what I've ended up with: https://gist.github.com/palkan/dbeceb454e75183b98c13cd4dbe5d9d3.

Need some time to digest it.

[rainerborene]

@palkan this is being used in production on any project of evil martians? I'm wondering when this will be merged into master.

[palkan]

@rainerborene we currently using our ad-hoc version which I want to generalize in the API/implementation proposed above.

[palkan]

I'm wondering when this will be merged into master

That’s number one on my “open-source debt” list)

I think, that will take me about 2-3 weeks. I had a busy schedule ‘till the middle of July(

[palkan]

Hey, everyone!

Looks like Scoping API is almost there (I've just merged #33).

Check out the docs: behaviour, scoping.

I plan to release it a little bit later along with other smaller features for 0.3.0 and after trying to play with it in production.
You can give master a try too)

[alaz]

I apologize for being so cruel to bother you right before the New Year's holidays. But still I would like to express my gratitude for the library and tell you that I am fascinated by "scopes" and willing to try this feature so much. Happy New Year and hoping to see 0.3 release soon in 2019! 🎉

[endverbraucher]

Hi!

I was little bit confused trying to use the scoping feature. I did read in the documentation about scoping and was trying to use it. Unfortunately it did take a while to realize that this feature isn't released yet.

Are there any plans to release this feature any time soon? And may be the docs should indicate that the feature isn't released yet!?

[palkan]

@endverbraucher

may be the docs should indicate that the feature isn't released yet

yep, definitely; added https://actionpolicy.evilmartians.io/#/scoping