kobaltz PRO

Joined 7/18/2015
kobaltz PRO said almost 3 years ago:

They are very similar. However, not every application needs pundit. Sometimes a simple role based authorization is sufficient. While I love using a number of gems, it is sometimes better to roll your own solution as it will be something that you can better maintain. Regardless, this episode is meant to show the extraction of strong parameters and allow them to do something a bit more complex. I'll be covering pundit in depth in a future episode.

Personally, I try not to rely on before_actions for security. In some instances, it makes sense. In your example, I would have something similar in an admin namespace. However, I would still build out the proper authorizations in the admin namespace as it would allow for easier expansion down the road. For example, if I have two roles, admin and user, but later want to add a maintainer with certain access within the admin namespace, the framework is already created for the admin and would need to be expanded for a maintainer role.

Overall, I still prefer the extraction of the strong parameters as I have displayed as it allows for the code to be better compartmentalized. However, when compared to Pundit's strong params approach, it is most likely a matter of preference.
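The extraction the comment above describes, as an added example that is not the episode's code or the commenter's: a small object that owns the strong-parameter rules for a resource and widens the permitted keys by role, so a new role (the maintainer case mentioned above) is one more entry rather than a new controller branch. A plain Ruby Hash stands in for ActionController::Parameters so the example runs outside Rails; the resource and attribute names (`Post`, `:title`, `:body`, `:published`, `:author_id`) and the role names are assumptions for illustration.

```ruby
# Added example, not the episode's code. Role-aware strong parameters
# extracted into their own object. A plain Hash replaces
# ActionController::Parameters so this runs without Rails; the model,
# attribute and role names below are assumptions for illustration.
class PostParameters
  # Attributes every authenticated role may submit.
  BASE_ATTRIBUTES = %i[title body].freeze

  # Additional attributes per role. Adding a role is one more entry here,
  # not another conditional in the controller.
  ROLE_ATTRIBUTES = {
    'user'       => [],
    'maintainer' => %i[published],
    'admin'      => %i[published author_id]
  }.freeze

  def initialize(params, role)
    @params = params
    @role   = role
  end

  # Keys this role is allowed to set; unknown roles fall back to the base set.
  def permitted_keys
    BASE_ATTRIBUTES + ROLE_ATTRIBUTES.fetch(@role, [])
  end

  # Mirrors params.require(:post).permit(*permitted_keys): a missing :post
  # raises (Rails raises ActionController::ParameterMissing); keys outside
  # the permitted set are silently dropped rather than raised on.
  def permit
    post = @params[:post] or raise KeyError, 'param is missing: post'
    post.select { |key, _| permitted_keys.include?(key.to_sym) }
        .transform_keys(&:to_sym)
  end

  def self.permit(params, role)
    new(params, role).permit
  end
end

# Constructed sample payload (not captured traffic): a regular user trying
# to publish a post and reassign its author in the same request.
SAMPLE_PARAMS = {
  post: { title: 'Hello', body: 'First post', published: true, author_id: 1 },
  format: 'json'
}.freeze

if __FILE__ == $PROGRAM_NAME
  p PostParameters.permit(SAMPLE_PARAMS, 'user')
  p PostParameters.permit(SAMPLE_PARAMS, 'maintainer')
  p PostParameters.permit(SAMPLE_PARAMS, 'admin')
end
```

In a controller this would read `Post.new(PostParameters.permit(params, current_user.role))`, keeping the controller free of role checks; note that an unknown role degrades to the base attribute set rather than to nothing, which is a deliberate fail-closed choice for the role-specific keys but still lets the request through.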

kobaltz PRO said almost 3 years ago:

Check out the show notes for an update to the code. Thank you /u/danshep for pointing this out. https://www.reddit.com/r/ruby/...

kobaltz PRO said almost 3 years ago:

You are absolutely correct. In the tutorials, I do like indicating `self` as it is more clear where we are calling the methods from instead of a separate helper or extension outside of the model we're working with. For anyone who wants to see the available options for ActiveRecord::Dirty, be sure to read up on them here http://api.rubyonrails.org/cla....

kobaltz PRO said almost 3 years ago:

I hope to get it recorded this weekend.