Policy scopes for different actions

[Floppy]

I feel like policy scopes should be able to handle different levels of permission for different actions, and I wonder if I'm missing something.

Let's say we have an app where people can show off their pets.

• Alice has a pet cat; she can view the data for her cat and edit it too.
• Bob can view Alice's cat, but not edit the data. It's not his cat.

When Alice is logged in, policy_scope(Pet) should include her cat, of course. BUT, when Bob is logged in, should it? He can see the cat, but not edit. It comes down to why we're calling policy_scope, but I can't see that that's a thing it can handle at the moment.

Obviously in the policy itself, we can check if Bob can edit the cat, which will be denied, but we can't tell that through the scope, so we'd have to check the individual capability before rendering Bob's list of editable pets.

I think this comes down to having the ability to pass an extra argument to policy_scope, so you can do things like policy_scope(Pet, :edit) and then have it available in the resolve method to adapt your query to.

Is that right? Am I thinking about scopes wrong? Should they be able to answer the question "show me all the pets I can edit?". Does it, in fact, already handle this and I've just missed something really obvious?

Note: this has come up because I'm using a ReBAC approach to object sharing - anyone can share different levels of permission to their content to anyone else in a very granular way, like Google docs; I've written it into a gem called Caber which works nicely with Pundit.

[Burgestrand]

Is that right? Am I thinking about scopes wrong? Should they be able to answer the question "show me all the pets I can edit?". Does it, in fact, already handle this and I've just missed something really obvious?

This issue might be of interest: #368

I haven't dug into this particular issue in a while, so take this summary with a large grain of salt:

• use different scopes (i.e. ShowScope and EditScope)
• use different methods on the scope (e.g. Scope#show, Scope#edit)

These suggestions encourage separating different concepts by mapping each concept to one scope/method. Pundit doesn't have an opinion on which one you should use, or how to approach it. Luckily Pundit is effectively a small collection helpers so there's room to do this on your own.

I'd like to add an implementation/opinion on this some day. I have the intention to resolve all open issues and PRs, but I'm extremely mindful about backwards compatibility. I also don't want to increase velocity in a specific direction until the number of open issues and PRs come closer to 0.

Finally, there's one opinion that Pundit does have and that is: don't pass arguments to resolve. It makes it too easy to accidentally mix multiple concepts into the same scope, and that is discouraged.

[Floppy]

Ah, great, that discussion is really useful. There's a few approaches I could take, and I can roll my own helper to replace policy_scope with something that calls a different method or scope class. That works! Thank you :)

[Burgestrand]

That's great! Thank you for marking the answer too, hopefully it helps others!