
authorize! no longer returns the authorized resource

Open walterdavis opened this issue 3 years ago • 0 comments

Steps to reproduce

Using CanCanCan 3.1.0, under Rails 6.0.x, this line in my titles controller returned a fully formed Excel document (using spreadsheet_architect):

format.xlsx { render xlsx: authorize!(Title.order(:sort_title), :index) }

Using CanCanCan 3.3.0 and Rails 7.0.x, that same code returned a malformed XLSX document (basically a plain text file containing only the word 'index' with an xlsx file-type extension).

I needed to make the following change to get the same result:

  format.xlsx { render xlsx: titles_for_excel }
...
  def titles_for_excel
    authorize!(Title, :index)
    Title.order(:sort_title)
  end

While this is arguably better code, I wonder what may have changed that made the return from authorize! no longer include the authorized contents.

Expected behavior

authorize! as a wrapper around a scope or query should return that query, authorized and ready for use.

Actual behavior

The authorize! method only appears to work indirectly -- setting the scope up as authorized, but not returning any results besides the authorized verb.

System configuration

Rails version: 6.0.x (may have also worked under 6.1.x, didn't test specifically along the way) -> 7.0.x

Ruby version: 2.7.6 -> 3.0.4

CanCanCan version 3.1.0 --> 3.3.0

walterdavis, May 19 '22 13:05
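
Added example, not part of the original issue and not CanCanCan's own code: CanCanCan documents the call as authorize!(action, subject), so the calls quoted in the issue place the model in the action slot and :index in the subject slot. The simplified model below shows that ordering returning :index and passing a check that the documented ordering denies. Assumptions: ToyAbility, the rule set and the helper names are constructed for illustration, later rules take precedence, and authorize! returns the subject on success.

```ruby
# Simplified model of CanCanCan-style rule evaluation, constructed for this
# example (not the gem's code). Assumptions: authorize!(action, subject)
# argument order, later rules take precedence, subject returned on success.
class AccessDenied < StandardError; end

class ToyAbility
  Rule = Struct.new(:allow, :action, :subject)

  def initialize
    @rules = []
  end

  def can(action, subject)
    @rules << Rule.new(true, action, subject)
  end

  def cannot(action, subject)
    @rules << Rule.new(false, action, subject)
  end

  # The most recently defined matching rule decides; no match means denied.
  def can?(action, subject)
    rule = @rules.reverse.find do |r|
      [:manage, action].include?(r.action) && [:all, subject].include?(r.subject)
    end
    rule ? rule.allow : false
  end

  def authorize!(action, subject)
    raise AccessDenied, "#{action.inspect} on #{subject.inspect}" unless can?(action, subject)
    subject
  end
end

Title = Class.new # placeholder for the ActiveRecord model named on the page

# Constructed rule set: everything is allowed except listing titles.
def restricted_ability
  ToyAbility.new.tap { |a| a.can(:manage, :all); a.cannot(:index, Title) }
end

# Argument order used in the issue: the class lands in the action slot.
def swapped_check(ability)
  ability.authorize!(Title, :index)
end

# Documented order: action first, then subject.
def ordered_check(ability)
  ability.authorize!(:index, Title)
rescue AccessDenied
  :denied
end
```

With restricted_ability, swapped_check returns :index because only the wildcard rule matches, while ordered_check is denied by the cannot rule. A controller that relies on the swapped form is therefore not testing the permission it appears to test.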