Authorization fails with Admin namespaced decorator #7933
Comments
rogerkk changed the title from "Pundit authorization fails when using Admin namespaced decorator" to "Authorization fails when using Admin namespaced decorator" (Apr 24, 2023)
rogerkk changed the title from "Authorization fails when using Admin namespaced decorator" to "Authorization fails with Admin namespaced decorator" (Apr 24, 2023)
rogerkk added a commit to rogerkk/activeadmin that referenced this issue (Apr 24, 2023):
When retrieving auth policies it is unfortunate if the policy is wrapped in a decorator. This uses an existing undecoration method to undecorate the target before asking pundit to fetch the policy. Related to activeadmin#7933
rogerkk added a commit to rogerkk/activeadmin that referenced this issue (Oct 11, 2023), with the same commit message.
@rogerkk what would this look like in the app, path wise? Instead of declaring policy objects in |
I have a working Pundit setup, but I'm now trying to put my pundit policies under the `Admin` namespace (`config.pundit_policy_namespace = :admin`).

I'm decorating some objects with a decorator class that is also in the `Admin` namespace, and this seems to cause authorization to fail.

I suspect that this line in `PunditAdapter#namespace` is where things go sour since it's passed an instance of the (namespaced) decorator.

Could a possible fix here be to make sure to undecorate any resource passed to `AuthorizationAdapter#initialize`, for example using `ResourceController::Decorators.undecorate(resource)`?

Expected behavior

When calling `PunditAdapter#authorized?` the return value should be based on the policy for the decorated resource.

Actual behavior

`PunditAdapter#authorized?` looks for a policy for the decorator class, not finding it, and thus ends up raising an error (or basing the return value on the default policy, if defined).

How to reproduce

I've set up a template below that tests 3 cases:

Admin namespace ( ❌ pundit can't find policy )
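
The lookup failure reported in this issue, as an added Ruby example that is not part of the issue and is not Pundit's or ActiveAdmin's code: a simplified name-based policy finder with a fallback default policy, showing how the authorization result changes once the decorator is unwrapped first. Every class here, the permissive default policy and the `undecorate` helper are constructed for illustration.

```ruby
# Simplified model of name-based policy lookup (constructed for illustration;
# not Pundit's or ActiveAdmin's implementation).
class Post; end

module Admin
  # Real policy for Post: only :admin may view.
  class PostPolicy
    def initialize(user, record)
      @user = user
    end

    def show?
      @user == :admin
    end
  end

  # Assumed permissive fallback, standing in for a configured default policy.
  class DefaultPolicy
    def initialize(user, record); end
    def show?
      true
    end
  end

  # Decorator living in the same namespace as the policies.
  class PostDecorator
    attr_reader :model
    def initialize(model)
      @model = model
    end
  end
end

# Resolve "Admin::<Class>Policy" by name, falling back to the default policy.
def find_policy_class(record)
  name = "Admin::#{record.class.name.split('::').last}Policy"
  Object.const_defined?(name) ? Object.const_get(name) : Admin::DefaultPolicy
end

# Hypothetical unwrap step: return the wrapped model when there is one.
def undecorate(record)
  record.respond_to?(:model) ? record.model : record
end

def authorized?(user, record, unwrap:)
  target = unwrap ? undecorate(record) : record
  find_policy_class(target).new(user, target).show?
end
```

With the decorator passed straight through, the lookup targets a non-existent `Admin::PostDecoratorPolicy` and the decision silently comes from the fallback instead of `Admin::PostPolicy`, so a permissive default turns a lookup miss into an authorization bypass.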