Rework capabilities to avoid assumptions about missing tokens
The logic about missing tokens implying logged in users (and that all logged in users have access to any method protected by a token capability) is correct. However, I believe it is both confusing and brittle, and leaves a security-related door ajar for future foot-gun incidents. Instead, apply Abilities as normal, and keep the Capabilities involvement only for situations where a token is provided. This reduces the cognitive burden when considering Abilities in isolation.
parent
a50ad1c895
commit
71b21ec473
4 changed files with 3 additions and 13 deletions
|
@ -54,12 +54,4 @@ class AdministratorAbilityTest < AbilityTest
|
|||
assert ability.can?(action, DiaryComment), "should be able to #{action} DiaryComment"
|
||||
end
|
||||
end
|
||||
|
||||
test "administrator does not auto-grant user preferences" do
|
||||
ability = Ability.new create(:administrator_user)
|
||||
|
||||
[:read, :read_one, :update, :update_one, :delete_one].each do |act|
|
||||
assert ability.cannot? act, UserPreference
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
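Review bot: The test "administrator does not auto-grant user preferences" appears to be dropped here (the hunk header goes from 12 lines to 4) with nothing taking its place, so the suite no longer pins down what an administrator's Ability says about UserPreference. Since the commit message states that Abilities are now applied as normal and Capabilities only matter when a token is provided, consider keeping a test at this spot that asserts the new expected result for `[:read, :read_one, :update, :update_one, :delete_one]` on `UserPreference`, and covering the token-provided case in a capability test, so that a later change to either layer that widens administrator access is caught rather than passing silently.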