avo icon indicating copy to clipboard operation
avo copied to clipboard

Published 20 hours ago verified publisher icon avo-hq

Issue with hiding the "Edit" button for `has_one` when viewing associations in Show view

Open icaroryan opened this issue 8 months ago • 0 comments

Description:

Sometimes, I only want resources to be editable on their own page, not through another resource's association. According to the documentation, it is possible to hide these buttons with Pundit policies, but it doesn't work for the edit button.

Details:

I have a has_one association, and in the show view, you can see the 'Detach', 'Destroy', and 'Edit' buttons. I managed to remove the 'Detach' and 'Destroy' buttons through my resource policies (detach_{association}? and destroy_{association}?), but it doesn’t work for the 'Edit' button. I have the edit_{association}? permission set to false, just like the others, but nothing happens.

The associated resource itself has the edit policy set to true, and I'm trying to override that for my resource. When debugging, I noticed that the edit_{association}? permission doesn't get called; instead, the edit? from the association gets called.

Not sure if I’m missing something.

Simplified files

Foo Model

class Foo < ApplicationRecord
  belongs_to :baz, optional: true

  has_one :bar, through: :baz
end

Foo Resource

class Avo::Resources::Foo < Avo::BaseResource
  def fields
    field :bar, as: :has_one
  end
end

Foo Policy

class FooPolicy < ApplicationPolicy
  # This doesn't do anything
  def edit_bar? = false

  # But these ones do
  def destroy_bar? = false 
  def detach_bar? = false
end

Bar Policy

The only way to make the edit button disappear in the association view in Foo is if I return false in BarPolicy, but this would affect the Bar resource.

class BarPolicy < ApplicationPolicy
  # This gets called instead of the one from foo (wrong)
  def edit? = true
  
  # This doesn't get called because foo overrides it (correct)
  def destroy? = true
end

Expected Behavior:

The edit_{association}? method in FooPolicy should be called to determine the visibility of the ‘Edit’ button for the bar association in the Foo resource’s show view.

Actual Behavior:

The edit_{association}? method is not called. Instead, the edit? method from BarPolicy is called, affecting the Bar resource directly.

Before policies: image

After policies: See that 'Edit' doesn't disappear image

Steps to Reproduce:

  1. Set up a has_one association in a model (Foo) as shown.
  2. Define resource and policy files for Foo and Bar as provided.
  3. Attempt to use edit_{association}? in FooPolicy to hide the ‘Edit’ button in the Foo resource’s show view.

Additional Notes:

  • The destroy_{association}? and detach_{association}? policies work as expected.
  • The issue seems specific to the ‘Edit’ button’s visibility when viewing associations

Any guidance or solution to ensure the edit_{association}? method is called for the association view would be greatly appreciated.

Thank you!

icaroryan avatar Jun 20 '24 22:06 icaroryan