Ref: action_policy#7.
Since Action Policy lookup mechanism relies on the target record's class properties (names, methods) it could break when using with decorators.
To make authorize! and other behaviour methods work seamlessly with decorated
objects, you might want to enhance the policy_for method.
For example, when using the Draper gem:
module ActionPolicy
module Draper
def policy_for(record:, **opts)
# From https://github.com/GoodMeasuresLLC/draper-cancancan/blob/master/lib/draper/cancancan.rb
record = record.model while record.is_a?(::Draper::Decorator)
super(record: record, **opts)
end
end
end
class ApplicationController < ActionController::Base
prepend ActionPolicy::Draper
end