Good morning guys I configured Pundit
# avo-2
m
Good morning guys. I configured Pundit with Devise in AVO and the default policy defined in ApplicationPolicy is not applied in models that do not have a policy. Model-specific policies function correctly. Could someone help me to correctly configure the default policy in the ApplicationPolicy?
l
that is the default behavior
in order to have that default `ApplicationPolicy` applied you should create a policy that inherits from that one for each resource
m
I expressed myself badly. I meant that the default policy is not applied at any time: if you assign false in the default policy for all actions (:Index, :create ...), and there is no specific policy for any model, I can browse all of the models without a problem. The default policy has no effect on the system. However, if you create a model-specific policy, putting the same content added in the default policy, false for all actions, the model-specific policy works normally. I would like the default policy to work for all models that have not created a specific policy.
l
> I would like the default policy to work for all models that have not created a specific policy.
that is not a feature in Avo
Avo requires a policy class for each resource in order to apply any authorization

https://cdn.discordapp.com/attachments/1137390980446826506/1137486718984011908/CleanShot_2023-08-05_at_22.42.522x.png

PS: this will still require you to create the policy files, but at least you'll get warned to do so
m
Thanks Adrian, the setting "config.raise_error_on_missing_policy = true" will help a lot, I was already using it. I'm creating a function to get the name of all the models and run rails generate avo:action in the Shell, to create them all at once.
irb(main)> ApplicationRecord.descendants.collect(&:name).each { |model| system("rails generate pundit:policy #{model} -s") }
l
That’s the perfect solution
I know it’s a bit more verbose than just using ApplicationPolicy, but I think it’s going to have benefits over time with other developers that you onboard to your team. Instead of needing to learn another thing about Avo (that resources without a policy use the default ApplicationPolicy), they see the empty ones and automatically understand the permissions
l
Hello @microscopic-dream-82397, we have this custom policy feature where you can, for each resource, define what policy class to use. In your case, if you want a general policy for all or some of the resources you can configure it. https://docs.avohq.io/2.0/authorization.html#custom-policies Add this line on all the resources that you want to respect the `ApplicationPolicy`
```ruby
self.authorization_policy = ApplicationPolicy
```
m
Thank you, Paul. It will help a lot when it comes to grouping the policies
l
You're welcome 😄