pundit (and rolify?)
Guys, I have a burning question w.r.t. authorization: I've read the various wikis for Pundit and for Rolify, but here's my perhaps too-basic question: If instead of flat "roles" per se, I instead want to do something based on the subscription plan someone has subscribed to -- perhaps bronze, silver, gold -- how would I write a Policy that encompasses the idea that "Silver is everything a Silver can do specifically, plus anything a Bronze can do"? Ditto with Gold, though the moment Gold "inherits" Silver permissions, it would mean it also inherits Bronze permissions. So far I don't see how to handle this in a hierarchical way. Yet if I just write them out separately, what happens if I end up with, say, a dozen different plans? (I'm gonna want some hierarchy!) Thanks for any thoughts.
Hey John, you can have the parent policy have a few methods that check for plans. Then you can have other methods, say "isSilver" or "isGold", or "isTier(:gold)?", that are called in the child policies. That method would call into the isSilver || isGold/etc. Therefore all of your logic is stored in the one policy that determines what a "gold" vs "silver" membership is.
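The parent-policy approach from the reply above, as an added example that is not part of the thread and not Pundit's or Rolify's own code. It generalizes the `isSilver || isGold` chain to a rank comparison over one ordered list, so a dozen plans need a dozen list entries rather than a dozen methods. Assumptions: the user exposes a `plan` attribute, and `PLAN_ORDER`, `tier?`, `ReportPolicy` and `allowed_actions` are hypothetical names; the classes are plain Ruby in the `(user, record)` shape Pundit policies use, so the block runs without the gem.

```ruby
# Added example; User#plan, PLAN_ORDER, tier? and ReportPolicy are assumed names.
User = Struct.new(:plan)

class ApplicationPolicy
  # Lowest to highest. Adding a plan means adding one entry here.
  PLAN_ORDER = %i[bronze silver gold].freeze

  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  private

  # True when the user's plan ranks at or above +minimum+.
  # Fails closed: no user, no plan, or an unrecognized plan grants nothing.
  def tier?(minimum)
    required = PLAN_ORDER.index(minimum)
    # A typo in a policy should be loud, not silently permissive or restrictive.
    raise ArgumentError, "unknown plan #{minimum.inspect}" if required.nil?

    current = PLAN_ORDER.index(user&.plan&.to_sym)
    !current.nil? && current >= required
  end
end

# Child policy: each action names only the lowest plan that may perform it.
class ReportPolicy < ApplicationPolicy
  def show?
    tier?(:bronze)
  end

  def export?
    tier?(:silver)
  end

  def schedule?
    tier?(:gold)
  end
end

# Helper for trying the policy with constructed sample users.
def allowed_actions(plan)
  policy = ReportPolicy.new(plan && User.new(plan), :report)
  %i[show? export? schedule?].select { |action| policy.public_send(action) }
end
```
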