I'm doing this in the User#Show view:

<% if policy(Gallery.new).create? %>
  <%= link_to "Add a photo gallery for #{@user.name}", new_user_gallery_path(@user), class: 'btn btn-success' %>
<% end %>

and Admin can add galleries to any user. But nobody else can.

Here's the Gallery Policy:

class GalleryPolicy < ApplicationPolicy
  def create?
    user.present? && (record.user == user || user.admin?)
  end

  def new?
    create?
  end
end

Here's the Application Policy:

class ApplicationPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  def index?
    true
  end

  def show?
    scope.where(:id => record.id).exists?
  end

  def create?
    user.present?
  end

  def new?
    create?
  end

  def update?
    user.present? && (record.user == user || user.admin?)
  end

  def edit?
    update?
  end

  def destroy?
    update?
  end

  def scope
    record.class
  end

  class Scope
    attr_reader :user, :scope

    def initialize(user, scope)
      @user = user
      @scope = scope
    end

    def resolve
      scope
    end
  end
end

As you can see, a user should be logged in and the record should belong to them or they should be admin for them to create galleries. What am I doing wrong?

Doon
Rachel
  • Can you provide more information please? "Pundit doesn't appear to be doing the policy correctly" is not helpful. "Admin can add galleries to any user. But nobody else can." Is this the requirement or the incorrect, current functionality? "a user should be logged in and the record should belong to them or they should be admin for them to create galleries" Yes, that is what your Policy says. What is the expected behavior, and what is the current, incorrect behavior? – deefour May 10 '15 at 00:42

1 Answer

Does specifying the Policy this way

if policy(Gallery).create?

change the outcome?

Doon
  • I get this error: NoMethodError in Users#show Showing /Users/RachelBird/code/jackhuahua/app/views/users/show.html.erb where line #36 raised: undefined method `user' for # – Rachel May 09 '15 at 20:50
  • I am going to assume that line 36 of users/show is `<%= link_to "Add a photo gallery for #{@user.name}",`? Or if not, what is the line? If so, do you have @user specified in your current controller? Is it set to current_user? The policy looks correct, but I think the error is outside the policy. – Doon May 10 '15 at 00:17
  • Actually, line 36 is <% if policy(Gallery.new).create? %>. Is there another part of my code I should be showing you? – Rachel May 10 '15 at 19:44
  • Please show your app/models/gallery.rb. That error sounds like gallery doesn't belong_to user? Or the relation isn't called user. It looks like it is trying to call record.user == user and it is failing with no such method user – Doon May 10 '15 at 20:26
  • figured it out! def create? user.present? && (user == record.user || user.admin?) end – Rachel May 11 '15 at 17:34
  • Sorry. That didn't make sense. Meant to share this: <% if policy(Gallery.new(user: @user)).create? %> – Rachel May 14 '15 at 01:52
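
The three ways of calling the policy that come up in this thread, as an added example that is not part of the original posts. `User`, `Gallery`, `can_create?` and `decision_table` are plain-Ruby stand-ins assumed for illustration, and `!user.nil?` replaces `user.present?` so it runs without Rails or Pundit.

```ruby
# Plain-Ruby stand-ins (assumptions) for the app's models; no Rails or Pundit needed.
User = Struct.new(:name, :admin) do
  def admin?
    admin == true
  end
end
Gallery = Struct.new(:user, keyword_init: true)

# Same rule as the GalleryPolicy in the question; `!user.nil?` replaces
# ActiveSupport's `user.present?` so this runs without Rails.
class GalleryPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  def create?
    !user.nil? && (record.user == user || user.admin?)
  end
end

# Returns true/false, or :no_method_error when the record has no #user.
def can_create?(current_user, record)
  GalleryPolicy.new(current_user, record).create?
rescue NoMethodError
  :no_method_error
end

# Constructed sample users.
OWNER = User.new("rachel", false)
OTHER = User.new("visitor", false)
ADMIN = User.new("admin", true)

def decision_table
  {
    owner_blank_record: can_create?(OWNER, Gallery.new), # record.user is nil
    admin_blank_record: can_create?(ADMIN, Gallery.new), # passes via admin? only
    owner_class_record: can_create?(OWNER, Gallery),     # class, not an instance
    owner_owned_record: can_create?(OWNER, Gallery.new(user: OWNER)),
    other_owned_record: can_create?(OTHER, Gallery.new(user: OWNER)),
    guest_owned_record: can_create?(nil, Gallery.new(user: OWNER)),
  }
end

decision_table.each { |name, result| puts "#{name}: #{result}" }
```

In the view, `@user` is the profile being shown, so `Gallery.new(user: @user)` asks whether the signed-in user owns that profile. Hiding the link does not stop a direct request, so the controller's `new` and `create` actions need the same check through Pundit's `authorize`.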