0

My app allows some users to create products using Pundit. But these users do not have the same permitted params.

I can't delete the keys because the logic is very complex and it's hard to read.

How can I permit the params by their role? What is the best way to do it?

Thank you so much.

1 Answer

1

This should work

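def user_params
  # Attributes every user may set
  list_allowed = [:email, :title, :last_name, :first_name, :phone]
  # Admin-only attributes (:other_param and :another_param are placeholders)
  list_allowed << :role << :other_param << :another_param if current_user.admin?
  params.require(:user).permit(list_allowed)
end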
Nove124
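Since the question uses Pundit, the per-role allow-list can also live in the policy, through the `permitted_attributes` method that Pundit's controller helper reads. The sketch below is an added example, not part of the answer above; it is plain Ruby so it runs without Rails, and `User`, `ProductPolicy`, `filter_params` and the attribute names are hypothetical.

```ruby
# Added example (not from the original answer). Plain Ruby, no Rails or Pundit
# gem required; User, ProductPolicy and the attribute names are hypothetical.
User = Struct.new(:name, :role) do
  def admin?;  role == :admin;  end
  def seller?; role == :seller; end
end

# Shaped like a Pundit policy: the allow-list lives beside the authorization
# rules, so the controller never branches on roles itself.
class ProductPolicy
  BASE   = %i[title description].freeze
  SELLER = %i[price stock].freeze
  ADMIN  = %i[featured owner_id].freeze

  attr_reader :user, :record

  def initialize(user, record); @user, @record = user, record; end

  def create?
    user.admin? || user.seller?
  end

  # Pundit's controller helper permitted_attributes(record) calls this method.
  def permitted_attributes
    return BASE + SELLER + ADMIN if user.admin?
    return BASE + SELLER if user.seller?
    BASE
  end
end

# Stand-in for params.require(:product).permit(*allowed): keeps allow-listed
# keys only and silently drops the rest, like strong parameters does.
def filter_params(raw, policy)
  raise ArgumentError, "not authorized" unless policy.create?
  allowed = policy.permitted_attributes.map(&:to_s)
  raw.select { |key, _| allowed.include?(key.to_s) }
end

# Constructed request body: a seller tries to set admin-only fields.
SUBMITTED = { "title" => "Lamp", "price" => "20", "featured" => "1", "owner_id" => "7" }.freeze

def demo
  seller = filter_params(SUBMITTED, ProductPolicy.new(User.new("sam", :seller), nil))
  admin  = filter_params(SUBMITTED, ProductPolicy.new(User.new("ann", :admin), nil))
  [seller.keys, admin.keys]
end
p demo if __FILE__ == $PROGRAM_NAME
```

In a Rails controller with Pundit, `permitted_attributes(@product)` takes the place of the `filter_params` stand-in. Keeping privilege-bearing keys such as `role` or `owner_id` out of the non-admin lists is what stops a crafted form submission from assigning them.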