So I'm using Pundit to check for authorization access.
Before each controller in my application, I have:

    class ReservationsController < ApplicationController
      before_action :authorize_reception!

With the helper module:

    module AuthorizeMethods
      def authorize_admin!
        authorize User, :admin?
      end

      def authorize_reception!
        authorize user, :allow_reception?
      end
    end

And also this User policy:

    class UserPolicy
      def initialize(user, _resource)
        @user = user
      end

      def admin?
        @user.hotel_admin
      end

      def reception?
        admin? || @user.allow_reception
      end
    end

I now want to give access to reception roles to JUST the action :index from the reservations controller.
I came up with this:

    class ReservationsController < ApplicationController
      skip_before_action :admin!, only: [:index]
      before_action :authorize_reception!, only: [:index]

So that every other action needs an admin, and index needs just a reception role. But my reception role has access to all actions of the controller (edit, delete, create), not just index.
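
One way to express "index for reception, everything else admin-only" as a single per-action policy instead of through filter ordering, as an added example that is not part of the original post. `ReservationPolicy`, the Struct-based `User` and the `permitted?` helper are assumptions; the code is plain Ruby that mirrors Pundit's `<action>?` naming without loading the gem.

```ruby
# Constructed stand-in for the application's User model (assumption).
User = Struct.new(:hotel_admin, :allow_reception, keyword_init: true)

# Hypothetical per-controller policy: one predicate per controller action,
# following Pundit's "<action>?" naming convention.
class ReservationPolicy
  ADMIN_ONLY = %i[show new create edit update destroy].freeze

  def initialize(user, _record)
    @user = user
  end

  def admin?
    !!@user&.hotel_admin
  end

  def reception?
    admin? || !!@user&.allow_reception
  end

  # The only action opened to reception users.
  def index?
    reception?
  end

  # Every other known action requires an admin.
  ADMIN_ONLY.each do |action|
    define_method("#{action}?") { admin? }
  end
end

# Hypothetical helper standing in for the question a single
# `authorize Reservation` call would put to the policy for the current action.
# An action with no predicate is denied (deny by default).
def permitted?(user, action)
  policy = ReservationPolicy.new(user, nil)
  query = "#{action}?"
  policy.respond_to?(query) && policy.public_send(query)
end
```

With the decision keyed on the action name inside the policy, an action added to the controller later stays closed until a predicate is written for it.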