Find and handle undeclared policy keys
The problem
[10] pry(main)> Ability.allowed?(user, :something_obviously_not_existing, project)
=> false
[11] pry(main)> Ability.allowed?(user, :read_project, project)
=> true
by default you're not allowed to :set_mattress_on_fire or :ride_tricycle_on_roof, or whatever wacky abilities a user asks, seems legit
This was discovered by trying to find the policy override_project_member, which appears to have never existed and hid in the codebase since ~2017. Are there other nonexistent keys we don't know about?
Context
See https://gitlab.slack.com/archives/C8HG8D9MY/p1659484641598259 for the Slack thread (internal, valid 90 days) and !81393 (comment 1048338372) for context.
Possible fixes
Some options
- Do nothing. Continue to return false to any policy check where the key isn't defined
- Raise an error if a policy key can't be found
- Log if a key can't be found
- something else...?
Edited by charlie ablett
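The three options listed under "Possible fixes", side by side, as an added Ruby sketch that is not GitLab's code and does not use the DeclarativePolicy API. `ToyPolicy`, `UndeclaredAbilityError`, `build_policy` and the sample user and project are hypothetical names; every mode still denies an undeclared key, and only the visibility of the typo changes.

```ruby
# Hypothetical miniature policy checker (assumption: not GitLab's implementation).
class UndeclaredAbilityError < StandardError; end

class ToyPolicy
  MODES = %i[silent log raise].freeze

  # logger is any callable taking a message; the default writes to stderr.
  def initialize(mode: :silent, logger: ->(msg) { warn(msg) })
    raise ArgumentError, "unknown mode #{mode.inspect}" unless MODES.include?(mode)

    @mode = mode
    @logger = logger
    @rules = {} # ability symbol => block(user, subject) returning truthy/falsy
  end

  # Declare an ability together with the rule that grants it.
  def rule(ability, &check)
    @rules[ability] = check
  end

  def declared?(ability)
    @rules.key?(ability)
  end

  # Deny-by-default holds in every mode. An undeclared key is either
  # silently denied, denied and logged, or rejected with an error.
  def allowed?(user, ability, subject)
    return !!@rules[ability].call(user, subject) if declared?(ability)

    message = "undeclared ability checked: #{ability.inspect}"
    case @mode
    when :raise then raise UndeclaredAbilityError, message
    when :log   then @logger.call(message)
    end
    false
  end
end

# Constructed sample data for the demonstration.
User = Struct.new(:name, :member_of)
Project = Struct.new(:id)

# Builds a policy with one declared ability, :read_project.
def build_policy(mode, logger: ->(_msg) {})
  policy = ToyPolicy.new(mode: mode, logger: logger)
  policy.rule(:read_project) { |user, project| user.member_of.include?(project.id) }
  policy
end
```

The `:raise` mode suits test and development runs, where a misspelled key should fail loudly, while `:log` lets existing undeclared keys be inventoried before anything starts raising.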