How to authorise a user subtarget?
Adam Pahlevi Baihaqi edited this page Sep 24, 2015 · 3 revisions
Authorising a user (the subtarget) means deciding whether that user is permitted to perform a given action on a target.
Unlike other gems such as CanCan(Can) or Pundit, which perform the check on the user:

```ruby
some_user.can?(:edit, some_object)
```

In Bali, authorisation is done directly on the class or object itself:

```ruby
My::Transaction.can?(user.roles, :edit)
@transaction.can?(:finance_user, :print)
transaction.can?("finance user", :print)
transaction.can?(@user, :edit)
transaction.can?(nil, :edit)
```

In other words, authorisation is done on the class or on an instance of that class. That is why the class or instance is called the target, and the user is called the subtarget.
Authorising this way has additional advantages:
- The user can be a real user object (an instance of My::Employee, for example).
- The user can be nil, for example when nobody is logged in yet.
- The user can be a String, that is, the role of the user ("finance") instead of the user object.
- The user can be a Symbol, that is, the role of the user (:finance) instead of the user object itself.
- The user can be an Array of Strings or Symbols, representing the multi-role, multi-access nature of the user.
Any call to can? for an undefined subtarget or operation returns false; correspondingly, cannot? returns true for any rule that is not defined.
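The following is an added illustrative model of the target-centric semantics described above (default deny, and a subtarget that may be nil, a String or Symbol role, an Array of roles, or an object responding to `roles`). It is not Bali's own code or DSL; the `Authorisable` module, the `allow` method, the `Transaction` and `Employee` names and the roles are assumptions made for the example.

```ruby
# Illustrative model only; the names below are assumptions, not Bali's API.
module Authorisable
  # role => permitted operations; the nil role means "not logged in"
  def rules
    @rules ||= {}
  end
  def allow(role, *ops)
    (rules[norm(role)] ||= []).concat(ops.map(&:to_sym))
  end
  # Every accepted subtarget form becomes a list of role symbols
  def roles_of(sub)
    case sub
    when nil then [nil]
    when String, Symbol then [norm(sub)]
    when Array then sub.map { |r| norm(r) }
    else sub.respond_to?(:roles) ? roles_of(sub.roles) : []
    end
  end
  # Default-deny: an unknown role or an unknown operation yields false
  def can?(sub, op)
    roles_of(sub).any? { |r| rules.fetch(r, []).include?(op.to_sym) }
  end
  def cannot?(sub, op)
    !can?(sub, op)
  end
  private
  # "finance user" and :finance_user name the same role
  def norm(role)
    role && role.to_s.tr(" ", "_").to_sym
  end
end

class Transaction
  extend Authorisable # rules are attached to the target class itself
  allow :finance_user, :print, :edit
  allow "supervisor", :edit
  allow nil, :view # anonymous subtargets may only view
  # Instances delegate to the class, so transaction.can? also works
  def can?(sub, op)
    self.class.can?(sub, op)
  end
  def cannot?(sub, op)
    !can?(sub, op)
  end
end

# Constructed user object that responds to #roles, like a real user record
Employee = Struct.new(:roles)
```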
Related/Recommended read: