When using the policy method to get an policy instance, we are only allow to pass a record. The PolicyFinder will take care of the instantiated record policy, but what if policy class needs to be overridden?
https://github.com/varvet/pundit/blob/9bd0f71ce8efc6645ce3166978e65d73092de8ab/lib/pundit.rb#L260-L262
Can we extend the policy method to act more similar to the authorize method with policy_class arg? Or maybe there is a preferred way of doing this?
Example:
<% if policy(@post, policy_class: RandomPostPolicy).update? %>
<%= link_to "Edit post", edit_post_path(@post) %>
<% end %>
Otherwise, just instantiate the needed policy or wrap/override pundits policy method?
<% if RandomPostPolicy.new(current_user, @post).update? %>
<%= link_to "Edit post", edit_post_path(@post) %>
<% end %>
Not sure if the change would be worth it or if theres a preferred way of handling. Happy to make a PR if supported.
I don鈥檛 see any need for it if you already know what policy you want anyway. Just instantiate it. :)
It鈥檚 useful for authorize since it鈥檚 doing some other things as well, like marking as authorized for instance.
I agree with Jay, of course you can instatiate it, but its not consistent with the authorize method. As the profect groes you might sometimes have nested routes, where you want to authorize the parent, but want the child policy to handle it
Most helpful comment
I don鈥檛 see any need for it if you already know what policy you want anyway. Just instantiate it. :)
It鈥檚 useful for authorize since it鈥檚 doing some other things as well, like marking as authorized for instance.