-
Robert Speicher authored
Refactor ability.rb into Policies Factors out `ability.rb` into a new abstraction - the "policy" (stored in `app/policies`). A policy is a class named `#{class_name}Policy` (looked up automatically as needed) that implements `rules` as follows: ``` ruby class ThingPolicy < BasePolicy def rules @user # this is a user to determine abilities for, optionally nil in the anonymous case @subject # this is the subject of the ability, guaranteed to be an instance of `Thing` can! :some_ability # grant the :some_ability permission cannot! :some_ability # ensure that :some_ability is not allowed. this overrides any `can!` that is called before or after delegate! @subject.other_thing # merge the abilities (can!) and prohibitions (cannot!) from `@subject.other_thing` can? :some_ability # test whether, so far, :some_ability is allowed end def anonymous_rules # optional. if not implemented `rules` is called where `@user` is nil. otherwise this method is called when `@user` is nil. end end ``` See merge request !5796
a7657098