avo
Fields authorization
Context
We need a better way to authorize fields, as using visible blocks is both difficult and cumbersome.
This feature is not about hiding or showing fields based on different views.
It won't handle cases where two fields share the same ID. Instead, users should use for_attribute.
The default behavior will simply hide both fields.
Approach
Implement a method, name to be decided, maybe avo_visible_fields.
This method will return an array of fields that should be visible. If you don't use this method, no fields will be hidden, so there won't be any breaking changes. The method will have access to all standard policy objects (user, record). If no fields are to be shown, return an empty array.
    class UserPolicy < ApplicationPolicy
      def avo_visible_fields
        fields = [
          :first_name,
          :last_name
        ]
        if user.admin?
          fields += [
            :id,
            :age
          ]
        end
        fields
      end
    end
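How the returned array could be enforced on the resource side, as an added sketch that is not Avo's own code. Field, User, PostPolicy, filter_fields, visible_ids and the stub ApplicationPolicy are hypothetical names used only to show the opt-in default, the empty-array case and the shared-ID behavior described above.

```ruby
# Added sketch, not Avo's implementation; every name except avo_visible_fields is hypothetical.
Field = Struct.new(:id, :name)
User = Struct.new(:admin) do
  def admin?
    admin
  end
end

class ApplicationPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end
end

class UserPolicy < ApplicationPolicy
  def avo_visible_fields
    fields = [:first_name, :last_name]
    fields += [:id, :age] if user.admin?
    fields
  end
end

# A policy that does not define the method: nothing is hidden.
class PostPolicy < ApplicationPolicy; end

def filter_fields(fields, policy)
  # Opt-in: without the method every field stays visible, so nothing breaks.
  return fields unless policy.respond_to?(:avo_visible_fields)

  allowed = Array(policy.avo_visible_fields).map(&:to_sym)
  # Matching is by ID only, so two fields sharing an ID are shown or hidden together.
  fields.select { |field| allowed.include?(field.id.to_sym) }
end

# Constructed sample: the last two fields share the ID :age.
FIELDS = [
  Field.new(:id, "ID"),
  Field.new(:first_name, "First name"),
  Field.new(:last_name, "Last name"),
  Field.new(:age, "Age"),
  Field.new(:age, "Age (years)")
].freeze

def visible_ids(fields, policy)
  filter_fields(fields, policy).map(&:id)
end
```

Because a policy without the method shows everything, a resource with sensitive fields stays fully exposed until its policy defines avo_visible_fields.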
Research
We need to explore how to make all fields visible except for a few specific ones, or alternatively, how to hide all fields except for a few.
    class UserPolicy < ApplicationPolicy
      def avo_visible_fields
        if user.admin?
          all
        else
          all(except: [:age, :id])
        end
      end
    end

    class UserPolicy < ApplicationPolicy
      def avo_visible_fields
        if user.admin?
          none(except: [:age, :id])
        else
          none
        end
      end
    end