From 077a371d0a2bfbf6f9cdd6c180e2cc63c4bacf2d Mon Sep 17 00:00:00 2001 From: jazairi <16103405+jazairi@users.noreply.github.com> Date: Wed, 26 Jun 2024 08:54:58 -0400 Subject: [PATCH] Add note about potential DRY issues with Pundit --- .../0005-use-cancancan-for-authorization.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/architecture-decisions/0005-use-cancancan-for-authorization.md b/docs/architecture-decisions/0005-use-cancancan-for-authorization.md index 751f7a3..ef4f3bf 100644 --- a/docs/architecture-decisions/0005-use-cancancan-for-authorization.md +++ b/docs/architecture-decisions/0005-use-cancancan-for-authorization.md @@ -53,7 +53,11 @@ for a more detailed example.) Pundit also allows for more granular access control via [scopes](https://github.com/varvet/pundit?tab=readme-ov-file#scopes). This feature is the most compelling reason to -choose Pundit over CanCanCan, but it's unclear whether we would need it in this application. +choose Pundit over CanCanCan, but it's unclear whether we would need it in this application. + +Because it requires a separate policy class per model, Pundit can require some repetitive code if authorization +policies are similar across multiple models. We might be able to mitigate this by abstracting common logic to the +`ApplicationPolicy` from which all policy classes inherit. ### Action Policy
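Review bot: The mitigation sentence in the added paragraph ("We might be able to mitigate this by abstracting common logic to the `ApplicationPolicy` from which all policy classes inherit") leaves out the authorization trade-off of that approach. Because every policy class inherits from it, any rule placed there becomes the default for every model, including models added later whose policy does not override it. Suggest adding a sentence to the ADR saying that shared rules in the base class should deny by default and that model policies opt in explicitly, so the DRY fix cannot silently widen access. Two smaller points: the removed and re-added "choose Pundit over CanCanCan, but it's unclear whether we would need it in this application." line looks identical in the visible text, so the difference is presumably whitespace and worth confirming as intentional; and "Because it requires ... Pundit can require" repeats the verb within one sentence, where "can lead to some repetitive code" would read better.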