Rules compressions

Your rules are optimized automatically at runtime. There are a set of "rules" to optimize your rules definition and they are implemented in the RulesCompressor class. Here you can see how this works:

A rule without conditions is defined as catch_all.

A catch_all rule, eliminates all previous rules and all subsequent rules of the same type

can :read, Book, author_id: user.id
cannot :read, Book, private: true
can :read, Book
can :read, Book, id: 1
cannot :read, Book, private: true

becomes

can :read, Book
cannot :read, Book, private: true

If a catch_all cannot rule is first, it can be removed

cannot :read, Book
can :read, Book, author_id: user.id

becomes

can :read, Book, author_id: user.id

If all rules are cannot rules, this is equivalent to no rules

cannot :read, Book, private: true

becomes

# nothing

These optimizations allow you to follow the strategy of "Give Permissions, don't take them" and automatically ignore previous rules when they are not needed.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Rules-compression.md

Rules-compression.md

Rules compressions

A catch_all rule, eliminates all previous rules and all subsequent rules of the same type

If a catch_all cannot rule is first, it can be removed

If all rules are cannot rules, this is equivalent to no rules

Files

Rules-compression.md

Latest commit

History

Rules-compression.md

File metadata and controls

Rules compressions

A catch_all rule, eliminates all previous rules and all subsequent rules of the same type

If a catch_all cannot rule is first, it can be removed

If all rules are cannot rules, this is equivalent to no rules