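# Restricts a Snip relation to the rows a given member is allowed to see.
class SnipPolicyScope
  def initialize(member, relation = Snip.all)
    @member = member
    @relation = relation
  end

  # Returns an ActiveRecord::Relation, so callers can keep chaining scopes.
  def resolve
    # Anonymous visitors only see public snips.
    return @relation.where(public: true) unless @member

    # Signed-in members see public snips plus their own.
    @relation.where('public = ? OR author_id = ?', true, @member.id)
  end
end

class SnipsController < ApplicationController
  def index
    # Apply the policy scope first, then ordering and pagination.
    @snips = SnipPolicyScope.new(current_member).resolve.by_active.page(params[:page])
  end
end
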
Authorization libraries are great, but you can also build a lightweight policy scope. The key is to keep it composable: a single public method that returns an ActiveRecord::Relation and nothing else.
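
The visibility rule above, exercised as an added example (not code from the original page): it checks which snips an anonymous visitor, an author, and another member get back, and that filters chained after resolve cannot surface someone else's private snip. FakeRelation, Member, the `active` field and the sample rows are hypothetical stand-ins so the script runs without Rails or a database.

```ruby
# Added example. FakeRelation is a hypothetical in-memory stand-in for
# ActiveRecord::Relation so the script runs without Rails or a database.
Snip = Struct.new(:id, :author_id, :public, :active, keyword_init: true)
Member = Struct.new(:id)

class FakeRelation
  def initialize(rows)
    @rows = rows
  end

  # Like chained ActiveRecord where calls, each call can only narrow the set.
  def where(&predicate)
    FakeRelation.new(@rows.select(&predicate))
  end

  def ids
    @rows.map(&:id)
  end
end

# Same visibility rule as the page's SnipPolicyScope, against the stand-in.
class SnipPolicyScope
  def initialize(member, relation)
    @member = member
    @relation = relation
  end

  def resolve
    return @relation.where { |s| s.public } unless @member
    @relation.where { |s| s.public || s.author_id == @member.id }
  end
end

# Constructed sample rows: members 1 and 2, each with a public and a private snip.
ALL_SNIPS = FakeRelation.new([
  Snip.new(id: 1, author_id: 1, public: true,  active: true),
  Snip.new(id: 2, author_id: 1, public: false, active: true),
  Snip.new(id: 3, author_id: 2, public: true,  active: false),
  Snip.new(id: 4, author_id: 2, public: false, active: true)
])

def visible_ids(member, relation = ALL_SNIPS)
  SnipPolicyScope.new(member, relation).resolve.ids
end

# Caller-side filters chained after resolve, as the controller does.
def visible_active_by_author(member, author_id)
  scoped = SnipPolicyScope.new(member, ALL_SNIPS).resolve
  scoped.where { |s| s.active && s.author_id == author_id }.ids
end
```

The same three-viewer matrix (anonymous, author, other member) is worth keeping as a model or request spec against the real scope, so a later change to resolve that widens visibility fails a test.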