how can I read instance variable in rails controller action to pundit policy

Question

controller show action

def show
   @batch = Batch.find(params[:id])
   @batch_id = @batch.id
   authorize @batch
end

pundit policy

def show?
puts @batch_id
    if !current_user.nil? && (current_user.role?('Student')) ||  (current_user.role?('Administrator')) || (current_user.role?('SupportSpecialist')) || (current_user.role?('Instructor'))
      true
    else
      false
    end
  end

I am getting nil when I puts @batch_id, how can I get that value in policy action

Have you initialize method in your policy? – atomdev Mar 04 '15 at 13:46 — atomdev, Mar 04 '15 at 13:46

score 4 · Accepted Answer · edited Jun 20 '20 at 09:12

Your controller:

def show
  @batch = Batch.find(params[:id])
  @batch_id = @batch.id
  authorize @batch
end

Your policy file might be:

class BatchPolicy
  attr_reader :user, :record
 
  def initialize(user, record)
    @user = user
    @record = record
  end
     
  def show?
    true if record ...  // record will be equal @batch
  end  
end

If you want additional context, then you must know:

Pundit strongly encourages you to model your application in such a way that the only context you need for authorization is a user object and a domain model that you want to check authorization for. If you find yourself needing more context than that, consider whether you are authorizing the right domain model, maybe another domain model (or a wrapper around multiple domain models) can provide the context you need.

Pundit does not allow you to pass additional arguments to policies for precisely this reason.

There you can learn about it from the horse's mouth.

how can I read instance variable in rails controller action to pundit policy

1 Answers1