stevepentler/AssetsService.md

Last active February 9, 2018 21:41

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/stevepentler/97aa2269a18f622d5555535859ad0874.js"></script>
Save stevepentler/97aa2269a18f622d5555535859ad0874 to your computer and use it in GitHub Desktop.

Download ZIP

Assets Service

Raw

AssetsService.md

1. Clean up the is_authorized? method (referenced by readable_by?/collabable_by?)

We inconsistently implement has_guest_password_access_to, so centralizing this will be helpful
has_guest_password_access_to belongs in authorization methods instead of an asset scope

2. We need to correct the expectation that we only made one query in the past, and we only need one query/scope in the future

Controllers used to front-load a lot of the queries that were necessary for the approvals checks

ex: https://github.com/brandfolder/boulder/blob/cd9eda0c306aaf1607512b06915945541f0278e7/app/controllers/api/v4/brandfolders/attachments_controller.rb#L6-L8
- granular permissions have always been central to approvals
- now we reference collabable_by? (likely cached in AR) in the assets service instead so we can keep controllers at assets = assets_service_for(brandfolder).get_assets

3. The assets service does not handle org level searches well, but look at what it used to be...

Original: https://github.com/brandfolder/boulder/blob/master/app/controllers/api/v3/assets_controller.rb

Revised: https://github.com/brandfolder/boulder/blob/7ff318f5fb755726589f6d4524d15a1c365b9fab/app/controllers/api/v3/assets_controller.rb

note that this has the same amount of queries, and we never even used to scope to approved_only because of performance

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment