Friday, October 5, 2018
again - taste and preference here.
-- my issue with `policy_scope(User)` in the view isn't that it is complex code, clearly it isn't.
it's more that I don't want my view to know or care about authorisation.
I think when you're talking about a select 'policy_scope(User).collect', you're asking the view to run the following
A) get a bunch of users
B) make sure you only get the ones you're allowed
C) do something with that info
I don't like having step B in the view, and would move that to the model (or if appropriate the controller).
then the view logic will be more like
A) take whatever thing I'm given
b) display something about that thing
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/191a9289-750b-4b52-8fb2-219717ec9acb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment