current_user should not be limited to ActiveRecord::Base class

[xeron]

Describe the bug

Avo 3.11.8 introduced a change which checks if current_user has the ActiveRecord::Base class. PR #3102. This breaks authentication schemes which don't use AR and set current_user using custom code (e.g. from HTTP Basic Auth).

avo/app/components/avo/sidebar_profile_component.rb

Lines 3 to 4 in 3a12d4a

	class Avo::SidebarProfileComponent < Avo::BaseComponent
	prop :user, _Nilable(ActiveRecord::Base)

Steps to Reproduce

Code sample:

/config/initializers/avo.rb:

Rails.configuration.to_prepare do
  Avo::ApplicationController.include AvoCurrentUser
end

/app/avo/concerns/avo_current_user.rb:

module AvoCurrentUser
  extend ActiveSupport::Concern

  User = Struct.new(:name)

  protected

    def current_user
      user, _pass = ActionController::HttpAuthentication::Basic.user_name_and_password(request)
      User.new(user)
    end
end

Expected behavior & Actual behavior

Custom current_user should work as long as it implements required readers (e.g. name). However starting with Avo 3.11.8 it fails with a error:

13:41:36 web.1  | ActionView::Template::Error (Expected `#<struct AvoCurrentUser::User name=nil>` to be of type: `_Nilable(ActiveRecord::Base)`.):
13:41:36 web.1  |
13:41:36 web.1  | Causes:
13:41:36 web.1  | Literal::TypeError (Expected `#<struct AvoCurrentUser::User name=nil>` to be of type: `_Nilable(ActiveRecord::Base)`.)
13:41:36 web.1  |     32:         <%= render partial: "avo/partials/navbar" %>
13:41:36 web.1  |     33:         <div data-sidebar-target="mainArea" class="content-area flex-1 flex pt-16 relative <%= "sidebar-open" if @sidebar_open %>">
13:41:36 web.1  |     34:           <div class="hidden lg:flex">
13:41:36 web.1  |     35:             <%= render Avo::SidebarComponent.new sidebar_open: @sidebar_open %>
13:41:36 web.1  |     36:           </div>
13:41:36 web.1  |     37:           <div class="flex lg:hidden">
13:41:36 web.1  |     38:             <%= render Avo::SidebarComponent.new sidebar_open: false, for_mobile: true %>
13:41:36 web.1  |
13:41:36 web.1  | (eval):7:in `initialize'

Models and resource files

N/A.

System configuration

Avo version: 3.11.8+
Rails version: 7.2.1
Ruby version: 3.1.6

License type:

• Community
• Pro
• Advanced

Are you using Avo monkey patches, overriding views or view components?

• Yes. If so, please post code samples.
• No

Screenshots or screen recordings

N/A.

Additional context

N/A.

Impact

• High impact (It makes my app un-usable.)
• Medium impact (I'm annoyed, but I'll live.)
• Low impact (It's really a tiny thing that I could live with.)

Urgency

• High urgency (I can't continue development without it.)
• Medium urgency (I found a workaround, but I'd love to have it fixed.)
• Low urgency (It can wait. I just wanted you to know about it.)

[rickychilcott]

I ran into something similar (i.e. _Nilable(ActiveRecord::Base) type error) on a resource that loosely was following this guide: https://docs.avohq.io/3.0/guides/rest-api-integration.html

[adrianthedev]

Yes. We agree. That shouldn't be tied to ActiveRecord.
We will fix it in next week's release.

[rickychilcott]

Sounds good. I wonder if Literal's InterfaceType could be better? https://github.com/joeldrapper/literal/blob/2e3ee130e9f894c3b6e3c0d2763f760e801f6ad2/lib/literal/types/interface_type.rb#L4

[adrianthedev]

That would be great if we actually enforced anything.
We do use some methods if they are defined on that object (avatar, avo_name, avo_title, is_admin?, is_developer?) but we don't need them.

But thanks for pointing that out. We stil have a few things to learn about literal.

[adrianthedev]

I pushed a fix in #3195 but I want to wait for @Paul-Bob to have a look over the original PR to see if we missed others like this one.
We'll have it merged on Tuesday just in time for the release.