Add ability for authorize to accept a lambda

[raldred]

Add the ability for authorize to accept a lambda as an authorization target would make it super flexible.
And could be used with custom middleware that uses a thread-isolated attributes singleton like that provided by ActiveSupport::CurrentAttributes

Something like...

class AuthSingleton < ActiveSupport::CurrentAttributes
   attribute :user
end

class PostPolicy < ActionPolicy::Base
  authorize :auth, -> { AuthSingleton.instance }

  def update?
    auth.user.admin? || (auth.user.id == record.user_id)
  end
end

Feels like this could be implemented relatively easily by allowing an additional proc option when initializing authorization_targets

[palkan]

That's an interesting idea.

Maybe, we should provide an ability to specify the default for the authorization context:

authorize :auth, default: proc { AuthSingleton.instance }
# or with a method name
authorize :auth, default: :auth_from_singleton

def auth_from_singleton
  AuthSingleton.instance
end

The second option could be useful if you want to override the default handler in a subclass.

WDYT?

[palkan]

Yeah, I like via 👍

[davidalejandroaguilar]

I think the authorize option you went for is through, right? However, we still can't do authorize :user, through: -> { Current.user }, unless I'm missing something?

[raldred]

No, through doesn't provide the functionality required, it wont accept a proc. I suppose my original suggestion could have been to extended through to support a proc, rather than introducing something new.

[davidalejandroaguilar]

Right. Should we allow through to accept a proc then? I can lend a hand if needed.

[palkan]

Thanks @davidalejandroaguilar, I'm open for contributions.

The only thing that I'm not sure about is what should this Proc accept? Or what's gonna be an execution context (e.g., #instance_exec)?