Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Can pundit policies be loaded from database?

I like the simplicity of Pundit gem and I would like to make policies dynamic by storing them to database.

Basically I'm looking for a way to be able to change policies without need to redeploy the application.

like image 703
LukasMac Avatar asked Dec 02 '16 22:12

LukasMac


1 Answers

1st way

Pundit policy is pure ruby code, so if you don't want to keep code inside database and evaluate it dynamically, I'd say the answer is no. It's unsafe. You may give it a go, though.

2nd way

But nothing prevents you from creating model which keeps rules in simple json and compare them using Pundit, e.g.:

class PostPolicy < ApplicationPolicy
  def update?
    access_setting = PolicySetting.find_by(key: self.class_name)
    user.role.in?(access_setting['roles'])
  end
end

Of course, complexity and flexibility of the tool directly depends on each other.

3rd way

Is just work around. You may set you authorisation project apart from the main one, so that it's deploys (zero-downtime, of course) would not affect the main big project.

4th way

Create your own DSL to be stored in Database

5th way

Use something like json-logic-ruby to store logic in database

like image 200
Nick Roz Avatar answered Oct 04 '22 07:10

Nick Roz