We have a model that gets its own access token, like when sharing a Google Doc or Dropbox folder.
Can we use the params[:token] with Pundit's authorize method? It's a little strange to have that part in the controller and not in the policy.
Pundit is authorization for Ruby objects. You don't authorize a string token, you authorize the related model.
@doc = Document.find_by(token: params[:token])
authorize @doc, :show?
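
The pattern from the answer, as an added example that is not the answerer's code: the controller resolves the token to a record and the policy decides on that record. It runs without Rails or the pundit gem, so `Document`, `DOCS`, `authorize`, `NotFound`, `NotAuthorized` and the `sharing_enabled` attribute are constructed stand-ins and assumptions.

```ruby
require "securerandom"

class NotFound < StandardError; end        # a controller would render 404
class NotAuthorized < StandardError; end   # stands in for Pundit::NotAuthorizedError

# Constructed stand-in for the ActiveRecord model; sharing_enabled is hypothetical.
Document = Struct.new(:title, :token, :sharing_enabled)
DOCS = [
  Document.new("Roadmap", SecureRandom.urlsafe_base64(32), true),
  Document.new("Payroll", SecureRandom.urlsafe_base64(32), false),
  Document.new("Draft", nil, true) # never shared, so it has no token
].freeze

# Lookup step. A blank token is rejected up front: with ActiveRecord,
# find_by(token: nil) becomes "token IS NULL" and would match token-less rows.
def find_document_by_token(token)
  return nil if token.nil? || token.empty?
  DOCS.find { |doc| doc.token == token }
end

# Policy in Pundit's shape: it receives the user and the record, never the token.
class DocumentPolicy
  def initialize(user, record)
    @user = user
    @record = record
  end

  def show?
    @record.sharing_enabled
  end
end

# Stand-in for Pundit's controller helper: build the policy, ask it, raise on false.
def authorize(record, query, user: nil)
  allowed = DocumentPolicy.new(user, record).public_send(query)
  raise NotAuthorized, "not allowed to #{query} this document" unless allowed
  record
end

def show_action(params)
  doc = find_document_by_token(params[:token])
  raise NotFound if doc.nil?   # unknown token: 404, the policy is never reached
  authorize(doc, :show?)
  doc.title
end
```

In a real controller, `Document.find_by!(token: ...)` gives the same not-found behaviour by raising `ActiveRecord::RecordNotFound` before `authorize` is called.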