As a developer, when I want to do something like "only an organization owner can change the owner of a gem that is also owned by an organization", it's currently quite complex.
In owners_controller, right now we authorize ownership changes like this:
The problem is that this doesn't have any context about what action is happening. Is this adding ownership or removing or just viewing ownerships?
Using pundit (which is already added and used for Avo) we would need to change this so it authorizes creating, destroying or indexing ownerships.
List of controllers needing policies:
... Add more as needed
Note: We should continue to reserve admin related actions to `avo_action?`. An admin should not be allowed to, e.g. yank or add an owner outside of Avo.
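
An added sketch of the action-aware authorization the issue asks for, written in plain Ruby that mimics Pundit's convention of one policy query per action (`index?`, `create?`, `destroy?`). It is not rubygems.org code: the `User`, `Organization` and `Rubygem` structs, their fields, the `authorize` helper and the exact rules are assumptions made for illustration.

```ruby
# Added example: Pundit-style policy in plain Ruby (the pundit gem is not loaded).
# Models, fields and rules are assumptions, not rubygems.org code.
User         = Struct.new(:handle, :admin, keyword_init: true)
Organization = Struct.new(:name, :owners, keyword_init: true)
Rubygem      = Struct.new(:name, :owners, :organization, keyword_init: true)
class NotAuthorizedError < StandardError; end

class OwnershipPolicy
  QUERIES = %i[index? create? destroy?].freeze
  def initialize(user, rubygem)
    @user, @rubygem = user, rubygem
  end

  # Viewing the owner list: gem owners and owners of the gem's organization.
  def index?
    gem_owner? || org_owner?
  end

  # Changing owners: for an organization gem, only an organization owner.
  # user.admin is never consulted; admin actions stay in the admin console.
  def create?
    @rubygem.organization ? org_owner? : gem_owner?
  end
  alias destroy? create?

  private
  def gem_owner?
    @rubygem.owners.include?(@user)
  end

  def org_owner?
    !!@rubygem.organization&.owners&.include?(@user)
  end
end

# Stand-in for Pundit's `authorize record, :query?`; unknown queries fail closed.
def authorize(user, rubygem, query)
  raise ArgumentError, "unknown query #{query.inspect}" unless OwnershipPolicy::QUERIES.include?(query)
  return true if OwnershipPolicy.new(user, rubygem).public_send(query)
  raise NotAuthorizedError, "#{user.handle} may not #{query} on #{rubygem.name}"
end

# Constructed sample data.
ALICE    = User.new(handle: "alice", admin: false) # organization owner
BOB      = User.new(handle: "bob", admin: false)   # gem owner only
ROOT     = User.new(handle: "root", admin: true)   # site admin, owns nothing
ORG      = Organization.new(name: "acme", owners: [ALICE])
ORG_GEM  = Rubygem.new(name: "acme-sdk", owners: [BOB], organization: ORG)
SOLO_GEM = Rubygem.new(name: "bobs-gem", owners: [BOB], organization: nil)
```

With this split, a gem owner such as `BOB` can still list owners of the organization gem but cannot add or remove them, and the admin flag on `ROOT` grants nothing through this policy.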