Note: please note that this is a note to self and not a bug in the gem.

The current definition of a role implies that the same scoping rules apply for every action a role can do. A counterexample that breaks this assumption is “a writer should be able to see everyone’s reports but only edit his”. In this case, the writer is both allowed to view and to edit reports, but the scoping rules that apply for the actions are different (Scope By User: “all” and “mine”) respectively.

This use case can still be handled by creating 2 roles “all content reader” and “own content editor” and assigning them both to writer users. However, the clarity of the structure suffers. Alternatively, if these cases are not prevalent, developers can choose to handle them by hand.

Request from the community to natively support these types of use cases are expected. However, it is still too early to tell the extent of the support required and waiting to hear back from the community is advisable.

Additionally, the role composition feature which is a candidate for the pipeline could solve this issue altogether.

Problem

The command rails g authz:installcopies the internal Authz migrations into the host application. The user is then prompted to run rails db:migrateto setup all the tables that are required by Authz.

The problem is that all Authz migrations have a hardcoded < ActiveRecord::Migration[5.2] that does not adapt to the host's Rails version.

Hello, thanks for this gem, it fits perfectly with what my team wants, but I am having issues with implementing it in the API we have. Using the demo app as a guide, alongside the documentation of the gem, I have been able to create a business process, role and controller actions. I was also able to assign the role to a user that I have in my DB. But when I try to access the resource that the user assigned role has access to I get a 500 status error, I am unsure where that's coming from.
Here is what my application_controller.rb file looks like.

class ApplicationController < ActionController::API
  # include MailerUrlHelper
  # before_action :set_mailer_url_options, if: :devise_controller?
  include DeviseTokenAuth::Concerns::SetUserByToken
  before_action :configure_permitted_parameters, if: :devise_controller?
  include ActionController::Helpers

  before_action :authenticate_api_v1_user! # Typical for devise
  include Authz::Controllers::AuthorizationManager
  rescue_from Authz::Controllers::AuthorizationManager::NotAuthorized, with: :unauthorized_handler

  helper_method :current_user_authz

  private

  def current_user_authz
    current_api_v1_user.try(:user)
  end

  protected

  def configure_permitted_parameters
    keys = %i[full_name work_phone company_role role team_size phone_number]
    devise_parameter_sanitizer.permit(:sign_up, keys: keys)
    devise_parameter_sanitizer.permit(:account_update, keys: keys)
  end

  def unauthorized_handler
    msg = 'Ooops! It seems that you are not authorized to do that!'
    render json: { success: false, response: msg }
  end
end

Here is the controller action

def index
	authorize skip_scoping: true
    data = ::V1::TaskParam.new(params).index
    @tasks = Campaigns::Task.includes(assignee: :user).where(data).before(with_cursor).limit(per_page)
    render json: ::V1::TaskSerializer.new(@tasks, index_options).serializable_hash
end

I didn't tamper with the configuration file. Any idea what I could possibly be doing wrong? Thanks.

Unsure what would cause this, but rails won't even boot. Using Rails5. Let me know what information would be helpful in troubleshooting this.