1

How do we go about authorizing associations when creating and updating records with Pundit in Rails?

For example, if we're updating a comment record that belongs to a post, we need to make sure the user has permission to access that post, or else it's a security breach.

Raz

1 Answer

1

Inside the create action you can do something like:

```ruby
def create
  # Assumes @comment has already been built (for example in a before_action)
  authorize @comment.post # this checks the authorization of Post
  authorize @comment # and then for comment
  # ... then code to create the comment
end
```

Arup Rakshit
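
An added example, not part of the original answer and not Pundit's own code: a plain-Ruby stand-in for the policy convention that moves the parent-post check into the comment policy and, going beyond the create case above, re-checks an update that changes the association. The models, the `member_ids` rule, the use of `show?` as the "can access the post" query, and the `move_comment` helper are assumptions made for illustration.

```ruby
# Stand-in for Pundit's policy convention so this runs without Rails or the gem.
# The models, their fields and the membership rule are constructed for illustration.
User    = Struct.new(:id)
Post    = Struct.new(:id, :member_ids)
Comment = Struct.new(:post, :author_id)

class NotAuthorizedError < StandardError; end

class ApplicationPolicy
  attr_reader :user, :record
  def initialize(user, record)
    @user = user
    @record = record
  end
end

class PostPolicy < ApplicationPolicy
  def show?
    record.member_ids.include?(user.id)
  end
end

class CommentPolicy < ApplicationPolicy
  # The parent check lives in the comment policy, so no action can skip it.
  def create?
    PostPolicy.new(user, record.post).show?
  end

  def update?
    record.author_id == user.id && create?
  end
end

# Same shape as Pundit's authorize: find "<Class>Policy", run the query, raise on false.
def authorize(user, record, query)
  policy = Object.const_get("#{record.class.name}Policy").new(user, record)
  raise NotAuthorizedError, "#{query} denied on #{record.class.name}" unless policy.public_send(query)
  record
end

# An update that changes the association is checked twice: against the stored
# record, then against a copy carrying the client-supplied parent.
def move_comment(user, comment, new_post)
  authorize(user, comment, :update?)
  candidate = comment.dup
  candidate.post = new_post
  authorize(user, candidate, :update?)
  comment.post = new_post
  comment
end
```

In a real controller the equivalent is to assign the permitted attributes to the record first and call `authorize` before saving, so the policy sees the post the comment would end up attached to.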