Rokku 2.0.0 released

Hi all,

as mentioned in the post about Tachiban, I released the authorization gem as well. Rokku 2.0.0 can now be used with Hanami 2.3 apps.

Thanks for releasing this, Sebastjan! As the authorization gem I was using for my project apparently became unmaintained, I took a look at this today. This was, admittedly, a very superficial look, but here’s some feedback/questions:

  1. The readme does not show a policy file, which was a bit surprising. Only after I generated one, I could see how it looks.
  2. Does it support non-CRUD actions? Is it enough to define e.g. a lock? method in the policy for the Lock action?
  3. How do you envision doing something more fine-grained, such as “I can edit if I’m admin or author of the article”? I understand that I can pass any object to authorized?, not necessarily a user, but then it’s automatically converted to just the list of roles inside the policy. Is there a way to provide some wider context? Or maybe you consider this out of scope of Rokku (which is fine too)?

Hi Paweł,

thank you for checking out Rokku and thank you for the feedback.

It’s quite embarrassing that I left the policy file out of the documentation, given that it’s the basis for the functionality. I apologize. I’ll push a fix for that, but I’ll go over everything again first, just to be sure it’s all there. I was pressed for time, I needed 2.0 for my current app and I apparently released too soon; not an excuse, just the reason 🙂.

Non-CRUD actions should work, Rokku is just testing against the namespace as it is, so adding lock? for Lock action would work. I have StatisticsReport::Index, but there is no real CRUD going on, I could have just used StatisticsReport::Report.

Maybe I could change the generator to allow for these scenarios:

  • create only default CRUD actions,
  • create default CRUD actions and optional custom actions,
  • create only custom actions.

Or a simpler approach of:

  • create default CRUD actions and optional custom actions.

As for a more fine-grained approach, I agree. Rokku should be enhanced. The current scope of functionality is a reflection of my current requirements. I did try out the approach you suggest in the past (0.5.1 I believe) with is_author?(object) so then I could do authorized?(@controller_name, @action_name) && is_author?(@task).

I would like to revisit this and provide a more granular approach. I’ll try to do this in the scope of my current application I’m working on and prepare a proposal. Of course any suggestions are most welcome 🙂.

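The "admin or author of the article" rule discussed in this thread, as an added stand-alone Ruby example. It is not Rokku's code or API: `ArticlePolicy`, `role_allows?`, `author_of?`, `permitted?`, the structs and the role table are hypothetical names, and the sample users are constructed. Unknown actions, a missing user and nil ids are all denied.

```ruby
# Added illustration, not Rokku's implementation. All names are hypothetical.
User    = Struct.new(:id, :roles)
Article = Struct.new(:id, :author_id)

class ArticlePolicy
  # Roles allowed per action, regardless of who owns the record.
  ROLE_RULES = {
    "edit" => %w[admin],
    "lock" => %w[admin moderator] # non-CRUD action
  }.freeze
  # Actions the author may additionally perform on their own record.
  OWNER_ACTIONS = %w[edit].freeze

  def initialize(user)
    @user = user
  end

  # Role check: actions missing from the table are denied by default.
  def role_allows?(action)
    return false if @user.nil?
    allowed = ROLE_RULES.fetch(action.to_s, [])
    !(Array(@user.roles).map(&:to_s) & allowed).empty?
  end

  # Ownership check: nil ids never match, so an unsaved user and an
  # article without an author do not compare as equal.
  def author_of?(record)
    return false if @user.nil? || record.nil? || @user.id.nil?
    record.author_id == @user.id
  end

  # Role grants access on its own; ownership only widens OWNER_ACTIONS.
  def permitted?(action, record = nil)
    return true if role_allows?(action)
    OWNER_ACTIONS.include?(action.to_s) && author_of?(record)
  end
end

# Constructed sample data: article 10 was written by user 2.
def demo_decisions
  article = Article.new(10, 2)
  admin, author, other = User.new(1, ["admin"]), User.new(2, ["member"]), User.new(3, ["member"])
  { admin_edit:    ArticlePolicy.new(admin).permitted?("edit", article),
    author_edit:   ArticlePolicy.new(author).permitted?("edit", article),
    other_edit:    ArticlePolicy.new(other).permitted?("edit", article),
    author_lock:   ArticlePolicy.new(author).permitted?("lock", article),
    anon_edit:     ArticlePolicy.new(nil).permitted?("edit", article),
    nil_ids_edit:  ArticlePolicy.new(User.new(nil, ["member"])).permitted?("edit", Article.new(11, nil)),
    admin_unknown: ArticlePolicy.new(admin).permitted?("destroy", article) }
end
```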