Git Product home page Git Product logo

Comments (5)

pokonski avatar pokonski commented on May 22, 2024

Hey @jrochkind! You are correct, there was an example of cannot but it got mistakenly removed along the way 😱

from access-granted.

jrochkind avatar jrochkind commented on May 22, 2024

Thanks! I actually could really use a cannot example!

I tried looking through README history, this seems to be the last version that still has a cannot in it... but I don't totally understand it.

https://github.com/chaps-io/access-granted/blob/d0079b7648fe60a2341b914727189a9c67d44df9/README.md

from access-granted.

pokonski avatar pokonski commented on May 22, 2024

Okay so I'll try to explain it here, and if it makes sense I'll put it in README:

tldr; Access Granted traverses roles top to bottom, as soon as it finds a matching can/cannot in one of the roles it stops looking at the roles below it.

In the example below let's assume we want to disallow banned members from posting (and only from posting) on our forum:

            role :banned, { is_banned: true } do
              cannot :create, Post
            end

            role :member do
              can :create, Post
              # (some other permissions here)
            end
          end

we put :banned above the regular role so it take can precedence over the regular role below (:member).

Steps of the logic would look as follows:

  1. You execute can?(:create, Post)
  2. AG starts iterating over defined roles.
  3. first we check the role :banned
  4. does it have a permission defined for :create and model Post?
  5. yes it does so we use that and stop looking at roles below it
  6. AG returns result of can?(:create, Post) which is false, because cannot is a negative.

from access-granted.

jrochkind avatar jrochkind commented on May 22, 2024

This is actually quite helpful, yeah. It explains what you mean by about the importance of order too, which I was confused about too. "as soon as it finds a matching can/cannot in one of the roles it stops looking at the roles below it." -- that's the important part. Thanks!

from access-granted.

pokonski avatar pokonski commented on May 22, 2024

Glad I could help 👍

from access-granted.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.