How to authorize from an especific policy in pundit (Rails)

Question

Is there a way to specify the policy class in the authorization method in Pundit? When you do

    authorize @user, :show

It uses the UserPolicy class, because @user is a User (Model) instance. Does anybody know a way to perform the authorize method on another policy class? like CustomerPolicy, without the existence of the Customer model class.

Nice, was right there (noob). Just add that if the policy is namespaced then you'll need to give an array of symbols with the namespaces, like if you got `People::CustomerPolicy`, then the authorize will be `authorize [:people, :customer]`. If helps somebody :P — mariowise, Aug 15 '15 at 17:06

max · Accepted Answer · 2015-08-16T06:04:17.143

3

You can use a symbol instead of a model instance to invoke a "headless" policy (a policy without a backing model).

authorize :customer, :show
# or for a namespaced policy
authorize [:people, :customer]

Another option is to set the policy on the model class:

class User < ActiveRecord::Base
  def self.policy_class
    CustomerPolicy
  end
end

edited Aug 16 '15 at 06:04

answered Aug 15 '15 at 18:53

max

96,212
14
104
165

How to authorize from an especific policy in pundit (Rails)

1 Answers1