gdpr_rails icon indicating copy to clipboard operation
gdpr_rails copied to clipboard

Published 20 hours ago verified publisher icon prey

current_user when not using Devise

Open sapientpants opened this issue 7 years ago • 3 comments
trafficstars

Any thoughts as to how current_user should be made available when Devise (and hence its helper that generates current_user) isn't being used?

I'm happy to work on this, but wanted to ask if anyone has an idea for how this should be done.

sapientpants avatar May 07 '18 17:05 sapientpants

hello, in fact we do not use devise, however we thought that many integrations of this library would. In general, authentication libraries have a helper method called current_user. therefore it's integration into this library is given by the injection of that helper into policy manager application controller, as it is in the readme example. I think that is the easiest way to integrate it. Do you have any idea on how to make that integration simpler or more elegant? If so, we will glad to discuss it's design

Best!

El lun., 7 de may. de 2018 2:27 p. m., sapientpants < [email protected]> escribió:

Any thoughts as to how current_user should be made available when Devise (and hence its helper that generates current_user) isn't being used?

I'm happy to work on this, but wanted to ask if anyone has an idea for how this should be done.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/prey/gdpr_rails/issues/10, or mute the thread https://github.com/notifications/unsubscribe-auth/AAAuyGUuUD-QzDvwYYffP9YRkWSkNMriks5twIQcgaJpZM4T1Vnz .

michelson avatar May 07 '18 19:05 michelson

Off the top of my head I can think of two approaches.

  1. Refactor my application to move current_user from my ApplicationController into a concern that can be then included in my ApplicationController and injected into the GDPR one similar to the Devise approach.
  2. Passing a lambda in via the Config object.

I include option 2 for completeness as it seems even less elegant than option 1 which itself is not particularly nice.

It'd be nice if GDPR could just use current_user from my ApplicationController without me having to do anything extra.

sapientpants avatar May 07 '18 20:05 sapientpants

This is also a problem for Devise users that use a model other than User for authentication. If you're authenticating a Person, for example, Devise creates current_person instead of current_user.

I've worked around this by creating a controller concern (app/controllers/concerns/auth_helpers.rb):

module AuthHelpers
  extend ActiveSupport::Concern

  def current_user
    current_person # assumes the Devise helpers are also included
  end
end

and I include this in the PolicyManager ApplicationController (in config/initializers/gdpr.rb):

PolicyManager::ApplicationController.send(:include, AuthHelpers)

viamin avatar May 24 '18 16:05 viamin