Need help authorizing index action with Pundit

Question

I'm using Pundit and Devise on my app. My index action looks like this in my wikis_controller:

  def index
    @wikis = current_user.wikis
    authorize @wikis
  end

I'm trying to prevent un-signed-in users to access this index action but @wikis is getting set to undefined since there is no user logged in. In return, it's not authorizing.

How can I fix this?

score 1 · Accepted Answer · answered Mar 06 '18 at 08:34

You can authorize against the model instead of an object.

The code

authorize Wiki

will trigger the index? action in your pundit policy without the user object. In addition, you can use a scope to filter the data on a another level https://github.com/varvet/pundit#scopes.

Need help authorizing index action with Pundit

1 Answers1