Something I’ve come across a few times when building plugins is the need to modify the outcome of Guardian can_* checks. I’ve come across it again in the ActivityPub Plugin:
I’ve just raised a draft PR that adds a new server-side plugin API method that allows you to register before and after checks to guardian can_* methods, affording the ability to change the outcome of the method. For example:
```ruby
add_guardian_check(:before, :edit_post) do |guardian, result, post|
  !post.activity_pub_remote?
end
```
Curious to get feedback on both the approach and the execution before publishing it for review.
I don’t see any issues with the before_* register. The after_* register is a little trickier. Security-wise, the after_* register means plugins can override core in ways that may be unsafe. Obviously plugins can do this in all sorts of ways, but the plugin API shouldn’t facilitate it even further.
Also, what happens if multiple plugins consume the after_* hook? Which one wins?
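
The ordering question raised above, as an added example that is not part of the thread or the draft PR: a toy Ruby model comparing after checks that replace the result with after checks that can only deny. `ToyGuardian`, `ToyPost`, `GRANT_ALL`, `BLOCK_REMOTE` and the two policy names are hypothetical and do not reflect Discourse or plugin code.

```ruby
# Toy model (assumption, not Discourse code): after checks wrapped around a
# stand-in core can_* rule, combined under two different policies.
ToyPost = Struct.new(:remote)

class ToyGuardian
  def initialize(staff:, after_checks:, policy:)
    @staff = staff
    @after_checks = after_checks # procs, in registration order
    @policy = policy             # :override or :deny_only
  end

  # Stand-in for the core rule: only staff may edit.
  def core_can_edit_post?(_post)
    @staff
  end

  def can_edit_post?(post)
    @after_checks.reduce(core_can_edit_post?(post)) do |result, check|
      verdict = check.call(self, result, post) ? true : false
      # :override  -> the check's value replaces the result (last one wins)
      # :deny_only -> a check can turn true into false, never false into true
      @policy == :override ? verdict : (result && verdict)
    end
  end
end

# Two hypothetical plugins registering after checks on the same method.
GRANT_ALL    = ->(_guardian, _result, _post) { true }                 # plugin A
BLOCK_REMOTE = ->(_guardian, result, post) { result && !post.remote } # plugin B

# Result of can_edit_post? for a constructed sample post.
def outcome(staff:, remote:, order:, policy:)
  ToyGuardian.new(staff: staff, after_checks: order, policy: policy)
             .can_edit_post?(ToyPost.new(remote))
end

if __FILE__ == $PROGRAM_NAME
  orders = { "A then B" => [GRANT_ALL, BLOCK_REMOTE],
             "B then A" => [BLOCK_REMOTE, GRANT_ALL] }
  %i[override deny_only].each do |policy|
    orders.each do |label, order|
      allowed = outcome(staff: false, remote: true, order: order, policy: policy)
      puts "#{policy} / #{label}: non-staff edit of remote post allowed? #{allowed}"
    end
  end
end
```

Under `:override` the answer for the same user and post flips with registration order, and a core denial can be reversed; under `:deny_only` the result is order-independent and never more permissive than core.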