Add permit_all_actions and forbid_all_actions matchers

Question

Add permit_all_actions and forbid_all_actions matchers

chrisalley opened this issue 7 years ago · 3 comments

I propose that we add two new matchers to test all of the actions in the policy at once. So instead of writing:

 it { is_expected.to permit_actions([:index, :show, :new, :edit, :create, :update, :destroy, :publish]) }

you could just write:

it { is_expected.to permit_all_actions }

Much nicer. forbid_all_actions would work the same way.

Answer 1 · 2018-05-26T11:40:57.000Z

@chrisalley ,

How much of an implementation pain do you think permit_mass_assignment_of_all_attributes and its forbid pair would be?

Handling columns like created_at and updated_at might get tricky, but we could develop a feature like this in a dumb way that throws an error whenever there's a case that's not simple?

Answer 2 · 2018-05-28T10:37:30.000Z

A forbid_mass_assignment_of_only(%i[created_at updated_at]) matcher would get around the last issue you mentioned. It's going to be hard to implement a check for all attributes because we need to check not only the top level attributes and their children, but potentially infinite levels of nested attributes (is there a limit?). I suggest we start by getting the API in #7 working and then expand it to work with an "all" matcher of some kind.

Answer 3 · 2023-02-15T16:30:56.000Z

I think this has been implemented in v1.8.0

https://github.com/punditcommunity/pundit-matchers/blob/main/CHANGELOG.md#180-2022-11-06