johno / pundit
[WIP] Minimal authorisation through a plain old JavaScript object.
License: MIT License
Currently we're including too much code in the package itself, including both dist and src directories. The way the node_modules subfolder is structured means that we cannot import from the pundit package directly.
index.js should be included in the root of the package
import { Policy, When, PunditProvider } from 'pundit/dist/pundit.mjs' should become import { Policy, When, PunditProvider } from 'pundit'
Following the discussion in #41, it would be simpler to be able to define actions without explicitly defining an actions map, e.g.
class PostPolicy extends Policy {
  user: AuthorisableUser
  record: AuthorisablePost

  constructor(user: AuthorisableUser, record: AuthorisablePost) {
    super(user, record)
  }

  view(): boolean {
    return true
  }

  publish(): boolean {
    return this.user.id === this.record.userId
  }

  destroy(): boolean {
    return this.user.isAdmin
  }
}
Hi @johno, want to use your solution in my project, but for some reason, it doesn't work.
What I did:
import React, { useEffect } from "react";
...
import { Policy, When } from "pundit";

export default function Landing() {
  const { user } = useAuth()
  const landingPolicy = new Policy();

  useEffect(() => {
    if(user) {
      landingPolicy.add("create", (user, record) => user.pioneer);
    }
  }, [user]);

  return(
    <When can="create" user={user} policy={landingPolicy} record={"landing"}>
      <div>
        <Link to="/create">Create</Link>
      </div>
    </When>
  );
}
It doesn't show me my link. Even if I replace user.pioneer with true.
Maybe you see an issue with my setup. We can later improve README, so others will understand how to use it with React.
v0.1.0
Currently to include multiple JSX elements inside of a When block it requires us to wrap the elements inside of a React fragment:
<When can="edit">
  <>
    <button type="button">Edit</button>
    <button type="button">Publish</button>
  </>
</When>
It would be cleaner to nest these within <When /> directly, e.g.
<When can="edit">
  <button type="button">Edit</button>
  <button type="button">Publish</button>
</When>
In order to make policy tests less verbose, it would be useful to include some Jest matchers, similar to what we have in Pundit Matchers.
I don't think we need to reproduce the whole Pundit Matchers API, which follows a "There's more than one way to do it" / TMTOWTDI approach. A subset of permitOnlyActions, permitAllActions, and permitActions to begin with would cover most scenarios.
Initially I could add some matchers to the existing codebase/package, with the intent to split them into a separate package once we've moved to pnpm workspaces.
@johno any thoughts here?
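The three matchers named in the issue above, sketched as plain functions over the class-style PostPolicy proposed earlier on this page. This is an added example, not part of the original post and not the pundit package's code: the Policy base class, definedActions, permittedActions and the sample users are assumptions, and real Jest matchers would wrap these helpers with expect.extend.

```javascript
// Stand-in base class (assumption): NOT the pundit package's implementation.
class Policy {
  constructor(user, record) {
    this.user = user;
    this.record = record;
  }
}

// The class-style policy proposed earlier on this page, as plain JavaScript.
class PostPolicy extends Policy {
  view() { return true; }
  publish() { return this.user.id === this.record.userId; }
  destroy() { return this.user.isAdmin; }
}

// Actions = methods defined directly on the policy class, minus the constructor.
function definedActions(policy) {
  const proto = Object.getPrototypeOf(policy);
  return Object.getOwnPropertyNames(proto)
    .filter((name) => name !== "constructor" && typeof proto[name] === "function");
}

// Fail closed: only a strict `true` counts as a grant (undefined, 1, "yes" do not).
function permittedActions(policy) {
  return definedActions(policy).filter((name) => policy[name]() === true).sort();
}

// Hypothetical matcher helper: every listed action is granted (ignores extra grants).
function permitActions(policy, actions) {
  const granted = permittedActions(policy);
  return actions.every((action) => granted.includes(action));
}

// Hypothetical matcher helper: every defined action is granted.
function permitAllActions(policy) {
  return permittedActions(policy).length === definedActions(policy).length;
}

// Hypothetical matcher helper: granted set equals `actions`, so over-permission fails.
function permitOnlyActions(policy, actions) {
  const granted = permittedActions(policy);
  const expected = [...new Set(actions)].sort();
  return granted.length === expected.length &&
    granted.every((action, i) => action === expected[i]);
}

// Constructed sample data: one post owned by user 1.
const post = { userId: 1 };
const author = new PostPolicy({ id: 1, isAdmin: false }, post);
const stranger = new PostPolicy({ id: 2 }, post); // isAdmin missing on purpose
```

A test that uses only permitActions keeps passing if a later change grants destroy to everyone; permitOnlyActions is the check that fails in that case.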
It would be great if it were possible to generate the JS/TS policies based on the ruby ones.
What do people think about that idea?
Currently, the pundit package does not require 2FA to publish:
I suggest we change this to the highest level of security, "Require two-factor authentication and disallow tokens". Do you concur @johno?
Hi @johno,
Chris Alley, author of the Pundit Matchers gem here. I'm a TypeScript developer who is reviewing options for creating "Pundit for JavaScript" that would be used in at least one production application. Rather than creating more fragmentation on npm, I'm interested in adopting or helping to maintain this package.
Some ideas that I have to improve the project include:
@pundit/react. This would give us the option to create other integrations for Svelte, Vue, etc without increasing the size of the package.
Please let me know what your thoughts are. Would this be a welcome future for the project, or better suited to a separate project?