Comments (5)
Hey @jrochkind! You are correct, there was an example of cannot
but it got mistakenly removed along the way 😱
from access-granted.
Thanks! I actually could really use a cannot example!
I tried looking through README history, this seems to be the last version that still has a cannot
in it... but I don't totally understand it.
https://github.com/chaps-io/access-granted/blob/d0079b7648fe60a2341b914727189a9c67d44df9/README.md
from access-granted.
Okay so I'll try to explain it here, and if it makes sense I'll put it in README:
tldr; Access Granted traverses roles top to bottom, as soon as it finds a matching can
/cannot
in one of the roles it stops looking at the roles below it.
In the example below let's assume we want to disallow banned members from posting (and only from posting) on our forum:
role :banned, { is_banned: true } do
cannot :create, Post
end
role :member do
can :create, Post
# (some other permissions here)
end
end
we put :banned
above the regular role so it take can precedence over the regular role below (:member
).
Steps of the logic would look as follows:
- You execute
can?(:create, Post)
- AG starts iterating over defined roles.
- first we check the role
:banned
- does it have a permission defined for
:create
and modelPost
? - yes it does so we use that and stop looking at roles below it
- AG returns result of
can?(:create, Post)
which isfalse
, becausecannot
is a negative.
from access-granted.
This is actually quite helpful, yeah. It explains what you mean by about the importance of order too, which I was confused about too. "as soon as it finds a matching can/cannot in one of the roles it stops looking at the roles below it." -- that's the important part. Thanks!
from access-granted.
Glad I could help 👍
from access-granted.
Related Issues (20)
- Permissions with blocks work too persmissive (block is ignored) HOT 4
- Replacement for accessible_by HOT 9
- Can we use with `gem 'role_model'` HOT 5
- Block in role always evaluating true HOT 5
- Caching accesses. HOT 4
- errors with non-logged in users HOT 3
- Error when there is no user logged in HOT 1
- Able to access protected controller actions HOT 2
- permission always uses conditions hash when passed a Class as subject HOT 7
- Higher level roles do not seem to inherit from lower level roles HOT 15
- Support for introspection HOT 11
- Object and Subobject HOT 1
- Feature request: special handling for nil current_user? HOT 16
- How to setup access_policy.rb when roles are not part of a user model? HOT 3
- Support for :all HOT 1
- Undefined method with ViewComponents HOT 4
- class inheritance, and class as test subject HOT 4
- Class vs Instance subjects HOT 7
- Is this project dead? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from access-granted.